Add a new role to manage the secret in the openshift-config-managed namespace

tremes · tremes · commit e865c862aa33 · 2021-07-30T09:07:02.000+02:00
diff --git a/manifests/03-clusterrole.yaml b/manifests/03-clusterrole.yaml
@@ -365,3 +365,42 @@ subjects:
 roleRef:
   kind: Role
   name: insights-operator-obfuscation-secret
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: insights-operator-etc-pki-entitlement
+  namespace: openshift-config-managed
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/single-node-developer: "true"
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - secrets
+    verbs:
+      - create
+      - get
+      - watch
+      - list
+      - delete
+      - update
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: insights-operator-etc-pki-entitlement
+  namespace: openshift-config-managed
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/single-node-developer: "true"
+subjects:
+  - kind: ServiceAccount
+    name: operator
+    namespace: openshift-insights
+roleRef:
+  kind: Role
+  name: insights-operator-etc-pki-entitlement
