| 1234567891011121314151617181920212223242526272829303132 |
- {{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
- apiVersion: {{ template "grafana.rbac.apiVersion" . }}
- kind: Role
- metadata:
- name: {{ template "grafana.fullname" . }}
- namespace: {{ template "grafana.namespace" . }}
- labels:
- {{- include "grafana.labels" . | nindent 4 }}
- {{- with .Values.annotations }}
- annotations:
- {{ toYaml . | indent 4 }}
- {{- end }}
- {{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }}
- rules:
- {{- if .Values.rbac.pspEnabled }}
- - apiGroups: ['extensions']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames: [{{ template "grafana.fullname" . }}]
- {{- end }}
- {{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }}
- - apiGroups: [""] # "" indicates the core API group
- resources: ["configmaps", "secrets"]
- verbs: ["get", "watch", "list"]
- {{- end }}
- {{- with .Values.rbac.extraRoleRules }}
- {{ toYaml . | indent 0 }}
- {{- end}}
- {{- else }}
- rules: []
- {{- end }}
- {{- end }}
|
