Home Explore Help
Sign In
cecf
/
deploy
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e4538f3d9b
Branches Tags
deploy
/
ingress-nginx
/
templates
/
clusterrole.yaml

clusterrole.yaml 1.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. {{- if .Values.rbac.create }}
    2. 

  2. 

  3. {{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
    4. 

  4.   {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
    5. 

  5. {{- end }}
    6. 

  6. 

  7. {{- if not .Values.rbac.scope -}}
    8. 

  8. apiVersion: rbac.authorization.k8s.io/v1
    9. 

  9. kind: ClusterRole
    10. 

  10. metadata:
    11. 

  11.   labels:
    12. 

  12.     {{- include "ingress-nginx.labels" . | nindent 4 }}
    13. 

  13.     {{- with .Values.controller.labels }}
    14. 

  14.     {{- toYaml . | nindent 4 }}
    15. 

  15.     {{- end }}
    16. 

  16.   name: {{ include "ingress-nginx.fullname" . }}
    17. 

  17. rules:
    18. 

  18.   - apiGroups:
    19. 

  19.       - ""
    20. 

  20.     resources:
    21. 

  21.       - configmaps
    22. 

  22.       - endpoints
    23. 

  23.       - nodes
    24. 

  24.       - pods
    25. 

  25.       - secrets
    26. 

  26. {{- if not .Values.controller.scope.enabled }}
    27. 

  27.       - namespaces
    28. 

  28. {{- end}}
    29. 

  29.     verbs:
    30. 

  30.       - list
    31. 

  31.       - watch
    32. 

  32.   - apiGroups:
    33. 

  33.       - coordination.k8s.io
    34. 

  34.     resources:
    35. 

  35.       - leases
    36. 

  36.     verbs:
    37. 

  37.       - list
    38. 

  38.       - watch
    39. 

  39. {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
    40. 

  40.   - apiGroups:
    41. 

  41.       - ""
    42. 

  42.     resources:
    43. 

  43.       - namespaces
    44. 

  44.     resourceNames:
    45. 

  45.       - "{{ .Values.controller.scope.namespace }}"
    46. 

  46.     verbs:
    47. 

  47.       - get
    48. 

  48. {{- end }}
    49. 

  49.   - apiGroups:
    50. 

  50.       - ""
    51. 

  51.     resources:
    52. 

  52.       - nodes
    53. 

  53.     verbs:
    54. 

  54.       - get
    55. 

  55.   - apiGroups:
    56. 

  56.       - ""
    57. 

  57.     resources:
    58. 

  58.       - services
    59. 

  59.     verbs:
    60. 

  60.       - get
    61. 

  61.       - list
    62. 

  62.       - watch
    63. 

  63.   - apiGroups:
    64. 

  64.       - networking.k8s.io
    65. 

  65.     resources:
    66. 

  66.       - ingresses
    67. 

  67.     verbs:
    68. 

  68.       - get
    69. 

  69.       - list
    70. 

  70.       - watch
    71. 

  71.   - apiGroups:
    72. 

  72.       - ""
    73. 

  73.     resources:
    74. 

  74.       - events
    75. 

  75.     verbs:
    76. 

  76.       - create
    77. 

  77.       - patch
    78. 

  78.   - apiGroups:
    79. 

  79.       - networking.k8s.io
    80. 

  80.     resources:
    81. 

  81.       - ingresses/status
    82. 

  82.     verbs:
    83. 

  83.       - update
    84. 

  84.   - apiGroups:
    85. 

  85.       - networking.k8s.io
    86. 

  86.     resources:
    87. 

  87.       - ingressclasses
    88. 

  88.     verbs:
    89. 

  89.       - get
    90. 

  90.       - list
    91. 

  91.       - watch
    92. 

  92.   - apiGroups:
    93. 

  93.       - discovery.k8s.io
    94. 

  94.     resources:
    95. 

  95.       - endpointslices
    96. 

  96.     verbs:
    97. 

  97.       - list
    98. 

  98.       - watch
    99. 

  99.       - get
    100. 

  100. {{- end }}
    101. 

  101. 

  102. {{- end }}
    103.