| Giorgi Lekveishvili | d1234c1 | 2023-06-19 10:37:06 +0400 | [diff] [blame] | 1 | {{- if .Values.startupapicheck.enabled }} |
| 2 | {{- if .Values.global.rbac.create }} |
| 3 | # create certificate role |
| 4 | apiVersion: rbac.authorization.k8s.io/v1 |
| 5 | kind: Role |
| 6 | metadata: |
| 7 | name: {{ template "startupapicheck.fullname" . }}:create-cert |
| 8 | namespace: {{ include "cert-manager.namespace" . }} |
| 9 | labels: |
| 10 | app: {{ include "startupapicheck.name" . }} |
| 11 | app.kubernetes.io/name: {{ include "startupapicheck.name" . }} |
| 12 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 13 | app.kubernetes.io/component: "startupapicheck" |
| 14 | {{- include "labels" . | nindent 4 }} |
| 15 | {{- with .Values.startupapicheck.rbac.annotations }} |
| 16 | annotations: |
| 17 | {{- toYaml . | nindent 4 }} |
| 18 | {{- end }} |
| 19 | rules: |
| 20 | - apiGroups: ["cert-manager.io"] |
| 21 | resources: ["certificates"] |
| 22 | verbs: ["create"] |
| 23 | --- |
| 24 | apiVersion: rbac.authorization.k8s.io/v1 |
| 25 | kind: RoleBinding |
| 26 | metadata: |
| 27 | name: {{ include "startupapicheck.fullname" . }}:create-cert |
| 28 | namespace: {{ include "cert-manager.namespace" . }} |
| 29 | labels: |
| 30 | app: {{ include "startupapicheck.name" . }} |
| 31 | app.kubernetes.io/name: {{ include "startupapicheck.name" . }} |
| 32 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 33 | app.kubernetes.io/component: "startupapicheck" |
| 34 | {{- include "labels" . | nindent 4 }} |
| 35 | {{- with .Values.startupapicheck.rbac.annotations }} |
| 36 | annotations: |
| 37 | {{- toYaml . | nindent 4 }} |
| 38 | {{- end }} |
| 39 | roleRef: |
| 40 | apiGroup: rbac.authorization.k8s.io |
| 41 | kind: Role |
| 42 | name: {{ template "startupapicheck.fullname" . }}:create-cert |
| 43 | subjects: |
| 44 | - kind: ServiceAccount |
| 45 | name: {{ template "startupapicheck.serviceAccountName" . }} |
| 46 | namespace: {{ include "cert-manager.namespace" . }} |
| 47 | {{- end }} |
| 48 | {{- end }} |