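{{- if .Values.rbac.create -}}
# Namespaced Role for the ingress-nginx controller. Everything granted here
# applies only inside the release namespace, and the whole object is rendered
# only when rbac.create is set.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.fullname" . }}
  namespace: {{ .Release.Namespace }}
rules:
  # Read-only lookup of namespace objects.
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  # Read access to the objects the controller watches to build its
  # configuration. NOTE(review): "secrets" is listed without resourceNames,
  # so the controller's service account can read every Secret in this
  # namespace, not only the TLS secrets referenced by Ingress objects.
  # Keep unrelated credentials out of the release namespace and treat a
  # compromise of the controller pod as disclosure of all Secrets here.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # Write access is limited to the status subresource; the Ingress spec
  # itself stays read-only for the controller.
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  # get/update is pinned to the single ConfigMap named by
  # controller.electionID (presumably the leader-election lock; confirm
  # against the controller version in use).
  # NOTE(review): the value is rendered unquoted, so an empty, numeric or
  # boolean-looking electionID would not reach the API server as the
  # intended string; piping it through "quote" would make that explicit.
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - {{ .Values.controller.electionID }}
    verbs:
      - get
      - update
  # "create" cannot be restricted with resourceNames (the object name is not
  # known at authorization time), so this rule lets the controller create
  # any ConfigMap in the namespace. It is kept as a separate rule so that
  # update stays pinned to the one ConfigMap named above.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
{{- if .Values.podSecurityPolicy.enabled }}
  # Optional rule: lets the service account "use" exactly one
  # PodSecurityPolicy, either controller.existingPsp when set or the policy
  # named after the release. PodSecurityPolicy was removed in Kubernetes
  # 1.25, so on newer clusters this flag has to stay off and pod hardening
  # has to come from Pod Security Admission or a policy engine instead.
  - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
    resources: ['podsecuritypolicies']
    verbs: ['use']
    {{- with .Values.controller.existingPsp }}
    resourceNames: [{{ . }}]
    {{- else }}
    resourceNames: [{{ include "ingress-nginx.fullname" . }}]
    {{- end }}
{{- end }}
{{- end }}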