charts/ingress-nginx/templates/clusterrole.yaml - atmosphere - Gitiles

 {{- if .Values.rbac.create }}

 {{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
   {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
 {{- end }}

 {{- if not .Values.rbac.scope -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     {{- with .Values.controller.labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
   name: {{ include "ingress-nginx.fullname" . }}
 rules:
   - apiGroups:
       - ""
     resources:
       - configmaps
       - endpoints
       - nodes
       - pods
       - secrets
 {{- if not .Values.controller.scope.enabled }}
       - namespaces
 {{- end}}
     verbs:
       - list
       - watch
   - apiGroups:
       - coordination.k8s.io
     resources:
       - leases
     verbs:
       - list
       - watch
 {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
   - apiGroups:
       - ""
     resources:
       - namespaces
     resourceNames:
       - "{{ .Values.controller.scope.namespace }}"
     verbs:
       - get
 {{- end }}
   - apiGroups:
       - ""
     resources:
       - nodes
     verbs:
       - get
   - apiGroups:
       - ""
     resources:
       - services
     verbs:
       - get
       - list
       - watch
   - apiGroups:
       - networking.k8s.io
     resources:
       - ingresses
     verbs:
       - get
       - list
       - watch
   - apiGroups:
       - ""
     resources:
       - events
     verbs:
       - create
       - patch
   - apiGroups:
       - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
       - update
   - apiGroups:
       - networking.k8s.io
     resources:
       - ingressclasses
     verbs:
       - get
       - list
       - watch
   - apiGroups:
       - discovery.k8s.io
     resources:
       - endpointslices
     verbs:
       - list
       - watch
       - get
 {{- end }}

 {{- end }}
	{{- if .Values.rbac.create }}

	{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
	{{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
	{{- end }}

	{{- if not .Values.rbac.scope -}}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	labels:
	{{- include "ingress-nginx.labels" . \| nindent 4 }}
	{{- with .Values.controller.labels }}
	{{- toYaml . \| nindent 4 }}
	{{- end }}
	name: {{ include "ingress-nginx.fullname" . }}
	rules:
	- apiGroups:
	- ""
	resources:
	- configmaps
	- endpoints
	- nodes
	- pods
	- secrets
	{{- if not .Values.controller.scope.enabled }}
	- namespaces
	{{- end}}
	verbs:
	- list
	- watch
	- apiGroups:
	- coordination.k8s.io
	resources:
	- leases
	verbs:
	- list
	- watch
	{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
	- apiGroups:
	- ""
	resources:
	- namespaces
	resourceNames:
	- "{{ .Values.controller.scope.namespace }}"
	verbs:
	- get
	{{- end }}
	- apiGroups:
	- ""
	resources:
	- nodes
	verbs:
	- get
	- apiGroups:
	- ""
	resources:
	- services
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- networking.k8s.io
	resources:
	- ingresses
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- ""
	resources:
	- events
	verbs:
	- create
	- patch
	- apiGroups:
	- networking.k8s.io
	resources:
	- ingresses/status
	verbs:
	- update
	- apiGroups:
	- networking.k8s.io
	resources:
	- ingressclasses
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- discovery.k8s.io
	resources:
	- endpointslices
	verbs:
	- list
	- watch
	- get
	{{- end }}

	{{- end }}