| 1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- {{- if .Values.rbac.create }}
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: {{ include "shop-recycle.serviceAccountName" . }}
- labels:
- {{- include "shop-recycle.labels" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: {{ include "shop-recycle.fullname" . }}
- labels:
- {{- include "shop-recycle.labels" . | nindent 4 }}
- rules:
- - apiGroups: [""]
- resources: ["configmaps", "endpoints", "services"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["apps"]
- resources: ["deployments", "statefulsets"]
- verbs: ["get", "list", "watch"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: {{ include "shop-recycle.fullname" . }}
- labels:
- {{- include "shop-recycle.labels" . | nindent 4 }}
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "shop-recycle.fullname" . }}
- subjects:
- - kind: ServiceAccount
- name: {{ include "shop-recycle.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- {{- end }}
|
