| 123456789101112131415161718192021222324252627282930313233343536373839 |
- {{- $saName := print (include "neo4j.fullname" .) "-sa" -}}
- {{- if .Values.serviceAccount.create -}}
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- {{- if .Values.serviceAccount.annotations }}
- annotations:
- {{- range $key, $value := .Values.serviceAccount.annotations }}
- {{ $key }}: "{{ $value }}"
- {{- end }}
- {{- end }}
- name: {{ default $saName .Values.serviceAccount.name }}
- {{ printf "\n" }}
- {{- end }}
- {{- if .Values.rbac.create -}}
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- name: {{ template "neo4j.fullname" . }}-service-reader
- rules:
- - apiGroups: [""] # "" indicates the core API group
- resources: ["services"]
- verbs: ["get", "watch", "list"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- name: {{ template "neo4j.fullname" . }}-sa-to-service-reader-binding
- subjects:
- - kind: ServiceAccount
- name: {{ default $saName .Values.serviceAccount.name }}
- roleRef:
- # "roleRef" specifies the binding to a Role / ClusterRole
- kind: Role # this must be Role or ClusterRole
- name: {{ template "neo4j.fullname" . }}-service-reader # this must match the name of the Role or ClusterRole you wish to bind to
- apiGroup: rbac.authorization.k8s.io
- {{- end}}
|
