commit 725bb396274d8cd1f7ce2d28c63da3f53c9427b1
author Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Fri May 05 18:24:27 2023 +0400
committer Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Fri May 05 18:24:27 2023 +0400
tree 79e2b7014fee9fdbd9ba9024d75bfed2d96d2782
parent d5f3820b4c1617018bcde63216b8b114f87bb813

charts

charts/ingress-nginx/templates/default-backend-role.yaml

diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml
new file mode 100644
index 0000000..5d29a2d
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-role.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "ingress-nginx.labels" . | nindent 4 }}
+    app.kubernetes.io/component: default-backend
+  name: {{ include "ingress-nginx.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
+    resources:      ['podsecuritypolicies']
+    verbs:          ['use']
+    {{- with .Values.defaultBackend.existingPsp }}
+    resourceNames:  [{{ . }}]
+    {{- else }}
+    resourceNames:  [{{ include "ingress-nginx.fullname" . }}-backend]
+    {{- end }}
+{{- end }}