perm2

2026-03-06 09:30:04 +01:00
parent b23a23d385
commit 33dd0a06c7
2 changed files with 20 additions and 8 deletions
--- a/cluster-resources/policies/replicaset-cleaner.yaml
+++ b/cluster-resources/policies/replicaset-cleaner.yaml
@@ -1,3 +1,21 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: kyverno:pods-replicasets:manage
  labels:
    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
 rules:
 - apiGroups:
  - ''
  resources:
  - replicasets
  - pods
  verbs:
  - get
  - list
  - watch
  - delete
 ---
 apiVersion: kyverno.io/v2
 kind: ClusterCleanupPolicy
 metadata:
--- a/cluster-resources/policies/secret-cloner.yaml
+++ b/cluster-resources/policies/secret-cloner.yaml
@@ -1,19 +1,16 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: kyverno:resources:view
+  name: kyverno:secrets:view
  labels:
    rbac.kyverno.io/aggregate-to-admission-controller: "true"
    rbac.kyverno.io/aggregate-to-reports-controller: "true"
    rbac.kyverno.io/aggregate-to-background-controller: "true"
    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
 rules:
 - apiGroups:
  - ''
  resources:
  - secrets
  - pod
  - replicaset
  verbs:
  - get
  - list
@@ -22,17 +19,14 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: kyverno:resources:manage
+  name: kyverno:secrets:manage
  labels:
    rbac.kyverno.io/aggregate-to-background-controller: "true"
    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
 rules:
 - apiGroups:
  - ''
  resources:
  - secrets
  - pod
  - replicaset
  verbs:
  - create
  - update