charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml - pcloud - Gitiles

 {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "ingress-nginx.fullname" . }}-admission
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
   labels:
     {{- include "ingress-nginx.labels" . | nindent 4 }}
     app.kubernetes.io/component: admission-webhook
     {{- with .Values.controller.admissionWebhooks.patch.labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
 rules:
   - apiGroups:
       - admissionregistration.k8s.io
     resources:
       - validatingwebhookconfigurations
     verbs:
       - get
       - update
 {{- if .Values.podSecurityPolicy.enabled }}
   - apiGroups: ['extensions']
     resources: ['podsecuritypolicies']
     verbs:     ['use']
     resourceNames:
     {{- with .Values.controller.admissionWebhooks.existingPsp }}
     - {{ . }}
     {{- else }}
     - {{ include "ingress-nginx.fullname" . }}-admission
     {{- end }}
 {{- end }}
 {{- end }}
	{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: {{ include "ingress-nginx.fullname" . }}-admission
	annotations:
	"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
	"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
	labels:
	{{- include "ingress-nginx.labels" . \| nindent 4 }}
	app.kubernetes.io/component: admission-webhook
	{{- with .Values.controller.admissionWebhooks.patch.labels }}
	{{- toYaml . \| nindent 4 }}
	{{- end }}
	rules:
	- apiGroups:
	- admissionregistration.k8s.io
	resources:
	- validatingwebhookconfigurations
	verbs:
	- get
	- update
	{{- if .Values.podSecurityPolicy.enabled }}
	- apiGroups: ['extensions']
	resources: ['podsecuritypolicies']
	verbs: ['use']
	resourceNames:
	{{- with .Values.controller.admissionWebhooks.existingPsp }}
	- {{ . }}
	{{- else }}
	- {{ include "ingress-nginx.fullname" . }}-admission
	{{- end }}
	{{- end }}
	{{- end }}