Blame - charts/vector/templates/rbac.yaml - atmosphere

blob: 67375870433ef1760d3fc650bd37c75a86464092 [file] [log] [blame]

Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	1	{{- if and .Values.rbac.create (eq .Values.role "Agent") -}}
				2	# Permissions to use Kubernetes API.
				3	# Requires that RBAC authorization is enabled.
				4	apiVersion: rbac.authorization.k8s.io/v1
				5	kind: ClusterRole
				6	metadata:
				7	name: {{ include "vector.fullname" . }}
				8	labels:
				9	{{- include "vector.labels" . \| nindent 4 }}
				10	rules:
				11	- apiGroups:
				12	- ""
				13	resources:
				14	- namespaces
				15	- nodes
				16	- pods
				17	verbs:
				18	- list
				19	- watch
				20	{{- if and .Values.psp.create (.Capabilities.APIVersions.Has "policy/v1beta1") }}
				21	- apiGroups:
				22	- policy
				23	resources:
				24	- podsecuritypolicies
				25	verbs:
				26	- use
				27	resourceNames:
				28	- {{ include "vector.fullname" . }}
				29	{{- end }}
				30	---
				31	apiVersion: rbac.authorization.k8s.io/v1
				32	kind: ClusterRoleBinding
				33	metadata:
				34	name: {{ include "vector.fullname" . }}
				35	labels:
				36	{{- include "vector.labels" . \| nindent 4 }}
				37	roleRef:
				38	apiGroup: rbac.authorization.k8s.io
				39	kind: ClusterRole
				40	name: {{ include "vector.fullname" . }}
				41	subjects:
				42	- kind: ServiceAccount
				43	name: {{ include "vector.serviceAccountName" . }}
				44	namespace: {{ .Release.Namespace }}
				45	{{- end }}