| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 2 | apiVersion: rbac.authorization.k8s.io/v1 |
| 3 | kind: ClusterRole |
| 4 | metadata: |
| 5 | name: {{ include "ingress-nginx.fullname" . }}-admission |
| 6 | annotations: |
| 7 | "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade |
| 8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
| 9 | labels: |
| 10 | {{- include "ingress-nginx.labels" . | nindent 4 }} |
| 11 | app.kubernetes.io/component: admission-webhook |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 12 | {{- with .Values.controller.admissionWebhooks.patch.labels }} |
| 13 | {{- toYaml . | nindent 4 }} |
| 14 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 15 | rules: |
| 16 | - apiGroups: |
| 17 | - admissionregistration.k8s.io |
| 18 | resources: |
| 19 | - validatingwebhookconfigurations |
| 20 | verbs: |
| 21 | - get |
| 22 | - update |
| 23 | {{- if .Values.podSecurityPolicy.enabled }} |
| 24 | - apiGroups: ['extensions'] |
| 25 | resources: ['podsecuritypolicies'] |
| 26 | verbs: ['use'] |
| 27 | resourceNames: |
| 28 | {{- with .Values.controller.admissionWebhooks.existingPsp }} |
| 29 | - {{ . }} |
| 30 | {{- else }} |
| 31 | - {{ include "ingress-nginx.fullname" . }}-admission |
| 32 | {{- end }} |
| 33 | {{- end }} |
| 34 | {{- end }} |