Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/zed / . / charts / ingress-nginx / templates / clusterrole.yaml
blob: 51bc5002cc7196a24cb5073c768d01a3dc82b762 [file] [log] [blame]
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]1{{- if .Values.rbac.create }}
2
3{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
4 {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
5{{- end }}
6
7{{- if not .Values.rbac.scope -}}
8apiVersion: rbac.authorization.k8s.io/v1
9kind: ClusterRole
10metadata:
11 labels:
12 {{- include "ingress-nginx.labels" . | nindent 4 }}
13 {{- with .Values.controller.labels }}
14 {{- toYaml . | nindent 4 }}
15 {{- end }}
16 name: {{ include "ingress-nginx.fullname" . }}
17rules:
18 - apiGroups:
19 - ""
20 resources:
21 - configmaps
22 - endpoints
23 - nodes
24 - pods
25 - secrets
26{{- if not .Values.controller.scope.enabled }}
27 - namespaces
28{{- end}}
29 verbs:
30 - list
31 - watch
Yaguang Tang05fcc682025-03-25 14:24:29 +0800[diff] [blame]32 - apiGroups:
33 - coordination.k8s.io
34 resources:
35 - leases
36 verbs:
37 - list
38 - watch
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]39{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
40 - apiGroups:
41 - ""
42 resources:
43 - namespaces
44 resourceNames:
45 - "{{ .Values.controller.scope.namespace }}"
46 verbs:
47 - get
48{{- end }}
49 - apiGroups:
50 - ""
51 resources:
52 - nodes
53 verbs:
54 - get
55 - apiGroups:
56 - ""
57 resources:
58 - services
59 verbs:
60 - get
61 - list
62 - watch
63 - apiGroups:
64 - networking.k8s.io
65 resources:
66 - ingresses
67 verbs:
68 - get
69 - list
70 - watch
71 - apiGroups:
72 - ""
73 resources:
74 - events
75 verbs:
76 - create
77 - patch
78 - apiGroups:
79 - networking.k8s.io
80 resources:
81 - ingresses/status
82 verbs:
83 - update
84 - apiGroups:
85 - networking.k8s.io
86 resources:
87 - ingressclasses
88 verbs:
89 - get
90 - list
91 - watch
Yaguang Tang05fcc682025-03-25 14:24:29 +0800[diff] [blame]92 - apiGroups:
93 - discovery.k8s.io
94 resources:
95 - endpointslices
96 verbs:
97 - list
98 - watch
99 - get
Mohammed Naser9ad0d462023-01-15 20:36:37 -0500[diff] [blame]100{{- end }}
101
102{{- end }}