| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 |
- {{- if .Values.rbac.create }}
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1beta1
- metadata:
- name: nginx-ingress
- labels:
- app: {{ .Values.controller.name | trunc 63 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- rules:
- - apiGroups:
- - ""
- resources:
- - services
- - endpoints
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - update
- - create
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - list
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - extensions
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- {{- if .Values.controller.reportIngressStatus.enable }}
- - apiGroups:
- - "extensions"
- resources:
- - ingresses/status
- verbs:
- - update
- {{- end }}
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1beta1
- metadata:
- name: nginx-ingress
- labels:
- app: {{ .Values.controller.name | trunc 63 }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- subjects:
- - kind: ServiceAccount
- name: {{ .Values.controller.serviceAccount.name }}
- namespace: {{ .Release.Namespace }}
- roleRef:
- kind: ClusterRole
- name: nginx-ingress
- apiGroup: rbac.authorization.k8s.io
- {{- end }}
|
