From 1ed4ec12512bf8f2c408dd44769f05db0aa64dbe Mon Sep 17 00:00:00 2001
From: Sabbir Ahmed Shameem <145862004+SAShameem@users.noreply.github.com>
Date: Sun, 5 May 2024 21:27:46 +0600
Subject: [PATCH] Create clusterrole-approve.yaml

---
 .../clusterrole-approve.yaml                  | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 content/bn/examples/access/certificate-signing-request/clusterrole-approve.yaml

diff --git a/content/bn/examples/access/certificate-signing-request/clusterrole-approve.yaml b/content/bn/examples/access/certificate-signing-request/clusterrole-approve.yaml
new file mode 100644
index 0000000000..2c854c95c6
--- /dev/null
+++ b/content/bn/examples/access/certificate-signing-request/clusterrole-approve.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csr-approver
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests/approval
+  verbs:
+  - update
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  resourceNames:
+  - example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
+  verbs:
+  - approve