fix(upgrading): v1.13 use correct Helm values (#1414)

Signed-off-by: Sebastian Gaiser <[email protected]>
kyverno · Oct 31, 2024 · 9f4a024 · 9f4a024
1 parent 10412d7
commit 9f4a024
Showing 1 changed file with 34 additions and 31 deletions.
diff --git a/content/en/docs/installation/upgrading.md b/content/en/docs/installation/upgrading.md
@@ -25,42 +25,45 @@ Kyverno version 1.13 contains the following breaking configuration changes:
 
 1. **Removal of wildcard permissions**: prior versions contained wildcard view permissions, which allowed Kyverno controllers to view all resources including secrets and other sensitive information. In 1.13 the wildcard view permission was removed and a role binding to the default `view` role was added. See the documentation section on [Role Based Access Controls](./customization.md#role-based-access-controls) for more details. This change will not impact policies during admission controls but may impact reports, and may impact users with mutate and generate policies on custom resources as the controller may no longer be able to view these custom resources.
 
-To upgrade to 1.13 and continue to allow wildcard view permissions for all Kyverno controllers, use a Helm values file that grants these permissions as specified below:
+To upgrade to 1.13 and continue to allow wildcard view permissions for all Kyverno controllers, use a [Helm values file](https://github.com/kyverno/kyverno/blob/v1.13.0/charts/kyverno/values.yaml) that grants these permissions as specified below:
 
 ```yaml
 admissionController:
-  clusterRole:
-    extraResources:
-      - apiGroups:
-          - '*'
-        resources:
-          - '*'
-        verbs:
-          - get
-          - list
-          - watch
+  rbac:
+    clusterRole:
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
 backgroundController:
-  clusterRole:
-    extraResources:
-      - apiGroups:
-          - '*'
-        resources:
-          - '*'
-        verbs:
-          - get
-          - list
-          - watch
+  rbac:
+    clusterRole:
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
 reportsController:
-  clusterRole:
-    extraResources:
-      - apiGroups:
-          - '*'
-        resources:
-          - '*'
-        verbs:
-          - get
-          - list
-          - watch
+  rbac:
+    clusterRole:
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
 ```
 
 **NOTE**: using wildcard permissions is not recommended. Use explicit permissions instead.