Home Explore Help
Sign In
cecf
/
deploy
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e4538f3d9b
Branches Tags
deploy
/
ingress-nginx
/
templates
/
admission-webhooks
/
job-patch
/
clusterrole.yaml

clusterrole.yaml 1.1 KB
History Raw

12345678910111213141516171819202122232425262728293031323334 
  1. {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
    2. 

  2. apiVersion: rbac.authorization.k8s.io/v1
    3. 

  3. kind: ClusterRole
    4. 

  4. metadata:
    5. 

  5.   name: {{ include "ingress-nginx.fullname" . }}-admission
    6. 

  6.   annotations:
    7. 

  7.     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
    8. 

  8.     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
    9. 

  9.   labels:
    10. 

  10.     {{- include "ingress-nginx.labels" . | nindent 4 }}
    11. 

  11.     app.kubernetes.io/component: admission-webhook
    12. 

  12.     {{- with .Values.controller.admissionWebhooks.patch.labels }}
    13. 

  13.     {{- toYaml . | nindent 4 }}
    14. 

  14.     {{- end }}
    15. 

  15. rules:
    16. 

  16.   - apiGroups:
    17. 

  17.       - admissionregistration.k8s.io
    18. 

  18.     resources:
    19. 

  19.       - validatingwebhookconfigurations
    20. 

  20.     verbs:
    21. 

  21.       - get
    22. 

  22.       - update
    23. 

  23. {{- if .Values.podSecurityPolicy.enabled }}
    24. 

  24.   - apiGroups: ['extensions']
    25. 

  25.     resources: ['podsecuritypolicies']
    26. 

  26.     verbs:     ['use']
    27. 

  27.     resourceNames:
    28. 

  28.     {{- with .Values.controller.admissionWebhooks.existingPsp }}
    29. 

  29.     - {{ . }}
    30. 

  30.     {{- else }}
    31. 

  31.     - {{ include "ingress-nginx.fullname" . }}-admission
    32. 

  32.     {{- end }}
    33. 

  33. {{- end }}
    34. 

  34. {{- end }}
    35.