summaryrefslogtreecommitdiffhomepage
path: root/cmd/k8s-operator/deploy
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/k8s-operator/deploy')
-rw-r--r--cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml3
-rw-r--r--cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml1
-rw-r--r--cmd/k8s-operator/deploy/manifests/operator.yaml14
3 files changed, 18 insertions, 0 deletions
diff --git a/cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml b/cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml
index 00d8318ac..22e1c4150 100644
--- a/cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml
@@ -41,6 +41,9 @@ rules:
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
resourceNames: ["servicemonitors.monitoring.coreos.com"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles", "clusterrolebindings"]
+ verbs: ["get", "create", "patch", "update", "list", "watch", "deletecollection"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml b/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml
index 4b9149e23..0ffc3d42d 100644
--- a/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml
+++ b/cmd/k8s-operator/deploy/crds/tailscale.com_proxygroups.yaml
@@ -112,6 +112,7 @@ spec:
enum:
- egress
- ingress
+ - kube-apiserver
x-kubernetes-validations:
- rule: self == oldSelf
message: ProxyGroup type is immutable
diff --git a/cmd/k8s-operator/deploy/manifests/operator.yaml b/cmd/k8s-operator/deploy/manifests/operator.yaml
index 1d910cf92..68489a2fb 100644
--- a/cmd/k8s-operator/deploy/manifests/operator.yaml
+++ b/cmd/k8s-operator/deploy/manifests/operator.yaml
@@ -2893,6 +2893,7 @@ spec:
enum:
- egress
- ingress
+ - kube-apiserver
type: string
x-kubernetes-validations:
- message: ProxyGroup type is immutable
@@ -4880,6 +4881,19 @@ rules:
- get
- list
- watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - get
+ - create
+ - patch
+ - update
+ - list
+ - watch
+ - deletecollection
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.