charts/loki/templates/role.yaml - atmosphere - Gitiles

 {{- if or .Values.rbac.pspEnabled .Values.rbac.sccEnabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "loki.name" . }}
   namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "loki.labels" . | nindent 4 }}
 {{- if .Values.rbac.pspEnabled }}
 rules:
   - apiGroups:
       - policy
     resources:
       - podsecuritypolicies
     verbs:
       - use
     resourceNames:
       - {{ include "loki.name" . }}
 {{- end }}
 {{- if .Values.rbac.sccEnabled }}
 rules:
   - apiGroups:
       - security.openshift.io
     resources:
       - securitycontextconstraints
     verbs:
       - use
     resourceNames:
       - {{ include "loki.name" . }}
   {{- if and .Values.rbac.namespaced .Values.sidecar.rules.enabled }}
   - apiGroups: [""] # "" indicates the core API group
     resources: ["configmaps", "secrets"]
     verbs: ["get", "watch", "list"]
   {{- end }}
 {{- end }}
 {{- end }}
	{{- if or .Values.rbac.pspEnabled .Values.rbac.sccEnabled }}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: {{ include "loki.name" . }}
	namespace: {{ $.Release.Namespace }}
	labels:
	{{- include "loki.labels" . \| nindent 4 }}
	{{- if .Values.rbac.pspEnabled }}
	rules:
	- apiGroups:
	- policy
	resources:
	- podsecuritypolicies
	verbs:
	- use
	resourceNames:
	- {{ include "loki.name" . }}
	{{- end }}
	{{- if .Values.rbac.sccEnabled }}
	rules:
	- apiGroups:
	- security.openshift.io
	resources:
	- securitycontextconstraints
	verbs:
	- use
	resourceNames:
	- {{ include "loki.name" . }}
	{{- if and .Values.rbac.namespaced .Values.sidecar.rules.enabled }}
	- apiGroups: [""] # "" indicates the core API group
	resources: ["configmaps", "secrets"]
	verbs: ["get", "watch", "list"]
	{{- end }}
	{{- end }}
	{{- end }}