Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f9f0beec8492e05a459bd7080ad095b4cf9292bc / . / charts / ingress-nginx / templates / controller-role.yaml
blob: d1aa9aac737f295e937c1051fb1055a912b5ad95 [file] [log] [blame]
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]1{{- if .Values.rbac.create -}}
2apiVersion: rbac.authorization.k8s.io/v1
3kind: Role
4metadata:
5 labels:
6 {{- include "ingress-nginx.labels" . | nindent 4 }}
7 app.kubernetes.io/component: controller
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]8 {{- with .Values.controller.labels }}
9 {{- toYaml . | nindent 4 }}
10 {{- end }}
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]11 name: {{ include "ingress-nginx.fullname" . }}
12 namespace: {{ .Release.Namespace }}
13rules:
14 - apiGroups:
15 - ""
16 resources:
17 - namespaces
18 verbs:
19 - get
20 - apiGroups:
21 - ""
22 resources:
23 - configmaps
24 - pods
25 - secrets
26 - endpoints
27 verbs:
28 - get
29 - list
30 - watch
31 - apiGroups:
32 - ""
33 resources:
34 - services
35 verbs:
36 - get
37 - list
38 - watch
39 - apiGroups:
40 - networking.k8s.io
41 resources:
42 - ingresses
43 verbs:
44 - get
45 - list
46 - watch
47 - apiGroups:
48 - networking.k8s.io
49 resources:
50 - ingresses/status
51 verbs:
52 - update
53 - apiGroups:
54 - networking.k8s.io
55 resources:
56 - ingressclasses
57 verbs:
58 - get
59 - list
60 - watch
61 - apiGroups:
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]62 - coordination.k8s.io
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]63 resources:
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]64 - leases
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]65 resourceNames:
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]66 - {{ include "ingress-nginx.controller.electionID" . }}
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]67 verbs:
68 - get
69 - update
70 - apiGroups:
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]71 - coordination.k8s.io
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]72 resources:
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]73 - leases
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]74 verbs:
75 - create
76 - apiGroups:
77 - ""
78 resources:
79 - events
80 verbs:
81 - create
82 - patch
Giorgi Lekveishvilicccf72f2023-05-19 16:13:22 +0400[diff] [blame]83 - apiGroups:
84 - discovery.k8s.io
85 resources:
86 - endpointslices
87 verbs:
88 - list
89 - watch
90 - get
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +0400[diff] [blame]91{{- if .Values.podSecurityPolicy.enabled }}
92 - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
93 resources: ['podsecuritypolicies']
94 verbs: ['use']
95 {{- with .Values.controller.existingPsp }}
96 resourceNames: [{{ . }}]
97 {{- else }}
98 resourceNames: [{{ include "ingress-nginx.fullname" . }}]
99 {{- end }}
100{{- end }}
101{{- end }}