Blame - charts/loki/templates/role.yaml - atmosphere

blob: 1e714b606b93cdac49671a27ea139a9e341ec46a [file] [log] [blame]

Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	1	{{- if or .Values.rbac.pspEnabled .Values.rbac.sccEnabled }}
				2	apiVersion: rbac.authorization.k8s.io/v1
				3	kind: Role
				4	metadata:
				5	name: {{ include "loki.name" . }}
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	6	namespace: {{ $.Release.Namespace }}
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	7	labels:
				8	{{- include "loki.labels" . \| nindent 4 }}
				9	{{- if .Values.rbac.pspEnabled }}
				10	rules:
				11	- apiGroups:
				12	- policy
				13	resources:
				14	- podsecuritypolicies
				15	verbs:
				16	- use
				17	resourceNames:
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	18	- {{ include "loki.name" . }}
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	19	{{- end }}
				20	{{- if .Values.rbac.sccEnabled }}
				21	rules:
				22	- apiGroups:
				23	- security.openshift.io
				24	resources:
				25	- securitycontextconstraints
				26	verbs:
				27	- use
				28	resourceNames:
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	29	- {{ include "loki.name" . }}
				30	{{- if and .Values.rbac.namespaced .Values.sidecar.rules.enabled }}
				31	- apiGroups: [""] # "" indicates the core API group
				32	resources: ["configmaps", "secrets"]
				33	verbs: ["get", "watch", "list"]
				34	{{- end }}
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	35	{{- end }}
				36	{{- end }}