Mohammed Naser | 8a2c8fb | 2023-02-19 17:23:55 +0000 | [diff] [blame] | 1 | {{- if or .Values.rbac.pspEnabled .Values.rbac.sccEnabled }} |
| 2 | apiVersion: rbac.authorization.k8s.io/v1 |
| 3 | kind: Role |
| 4 | metadata: |
| 5 | name: {{ include "loki.name" . }} |
Giovanni Tirloni | 59219b6 | 2024-04-09 14:50:25 -0300 | [diff] [blame] | 6 | namespace: {{ $.Release.Namespace }} |
Mohammed Naser | 8a2c8fb | 2023-02-19 17:23:55 +0000 | [diff] [blame] | 7 | labels: |
| 8 | {{- include "loki.labels" . | nindent 4 }} |
| 9 | {{- if .Values.rbac.pspEnabled }} |
| 10 | rules: |
| 11 | - apiGroups: |
| 12 | - policy |
| 13 | resources: |
| 14 | - podsecuritypolicies |
| 15 | verbs: |
| 16 | - use |
| 17 | resourceNames: |
Giovanni Tirloni | 59219b6 | 2024-04-09 14:50:25 -0300 | [diff] [blame] | 18 | - {{ include "loki.name" . }} |
Mohammed Naser | 8a2c8fb | 2023-02-19 17:23:55 +0000 | [diff] [blame] | 19 | {{- end }} |
| 20 | {{- if .Values.rbac.sccEnabled }} |
| 21 | rules: |
| 22 | - apiGroups: |
| 23 | - security.openshift.io |
| 24 | resources: |
| 25 | - securitycontextconstraints |
| 26 | verbs: |
| 27 | - use |
| 28 | resourceNames: |
Giovanni Tirloni | 59219b6 | 2024-04-09 14:50:25 -0300 | [diff] [blame] | 29 | - {{ include "loki.name" . }} |
| 30 | {{- if and .Values.rbac.namespaced .Values.sidecar.rules.enabled }} |
| 31 | - apiGroups: [""] # "" indicates the core API group |
| 32 | resources: ["configmaps", "secrets"] |
| 33 | verbs: ["get", "watch", "list"] |
| 34 | {{- end }} |
Mohammed Naser | 8a2c8fb | 2023-02-19 17:23:55 +0000 | [diff] [blame] | 35 | {{- end }} |
| 36 | {{- end }} |