Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / ingress-nginx / templates / controller-role.yaml
blob: 127b368c469f2f803954b59689c8d0ab736edc29 [file] [log] [blame]
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]1{{- if .Values.rbac.create -}}
2apiVersion: rbac.authorization.k8s.io/v1
3kind: Role
4metadata:
5 labels:
6 {{- include "ingress-nginx.labels" . | nindent 4 }}
7 app.kubernetes.io/component: controller
8 {{- with .Values.controller.labels }}
9 {{- toYaml . | nindent 4 }}
10 {{- end }}
11 name: {{ include "ingress-nginx.fullname" . }}
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]12 namespace: {{ include "ingress-nginx.namespace" . }}
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]13rules:
14 - apiGroups:
15 - ""
16 resources:
17 - namespaces
18 verbs:
19 - get
20 - apiGroups:
21 - ""
22 resources:
23 - configmaps
24 - pods
25 - secrets
26 - endpoints
27 verbs:
28 - get
29 - list
30 - watch
31 - apiGroups:
32 - ""
33 resources:
34 - services
35 verbs:
36 - get
37 - list
38 - watch
39 - apiGroups:
40 - networking.k8s.io
41 resources:
42 - ingresses
43 verbs:
44 - get
45 - list
46 - watch
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]47 # Omit Ingress status permissions if `--update-status` is disabled.
48 {{- if ne (index .Values.controller.extraArgs "update-status") "false" }}
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]49 - apiGroups:
50 - networking.k8s.io
51 resources:
52 - ingresses/status
53 verbs:
54 - update
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]55 {{- end }}
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]56 - apiGroups:
57 - networking.k8s.io
58 resources:
59 - ingressclasses
60 verbs:
61 - get
62 - list
63 - watch
64 - apiGroups:
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]65 - coordination.k8s.io
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]66 resources:
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]67 - leases
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]68 resourceNames:
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]69 - {{ include "ingress-nginx.controller.electionID" . }}
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]70 verbs:
71 - get
72 - update
73 - apiGroups:
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]74 - coordination.k8s.io
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]75 resources:
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]76 - leases
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]77 verbs:
78 - create
79 - apiGroups:
80 - ""
81 resources:
82 - events
83 verbs:
84 - create
85 - patch
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]86 - apiGroups:
87 - discovery.k8s.io
88 resources:
89 - endpointslices
90 verbs:
91 - list
92 - watch
93 - get
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]94{{- end }}