allow approve certificates that are signed by grpc (#1225)

Signed-off-by: Wei Liu <liuweixa@redhat.com>
2026-02-14 10:00:11 +00:00 · 2025-10-27 21:11:45 +08:00
parent cc7a3b7b82
commit 678de2604d
1 changed files with 2 additions and 1 deletions
--- a/manifests/cluster-manager/hub/registration/clusterrole.yaml
+++ b/manifests/cluster-manager/hub/registration/clusterrole.yaml
@@ -134,8 +134,9 @@ rules:
  verbs: ["update", "patch"]
 {{end}}
 {{if .GRPCAuthEnabled}}
+# Allow hub to approve/sign certificates that are signed by grpc
 - apiGroups: ["certificates.k8s.io"]
  resources: ["signers"]
  resourceNames: ["open-cluster-management.io/grpc"]
-  verbs: ["sign"]
+  verbs: ["approve", "sign"]
 {{end}}