rancher-charts/charts/rancher-gatekeeper/102.0.0+up3.10.0/templates/gatekeeper-manager-role-clu...

{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    app: '{{ template "gatekeeper.name" . }}'
    chart: '{{ template "gatekeeper.name" . }}'
    gatekeeper.sh/system: "yes"
    heritage: '{{ .Release.Service }}'
    release: '{{ .Release.Name }}'
  name: gatekeeper-manager-role
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - admissionregistration.k8s.io
  resourceNames:
  - gatekeeper-mutating-webhook-configuration
  resources:
  - mutatingwebhookconfigurations
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - config.gatekeeper.sh
  resources:
  - configs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - config.gatekeeper.sh
  resources:
  - configs/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - constraints.gatekeeper.sh
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - externaldata.gatekeeper.sh
  resources:
  - providers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - mutations.gatekeeper.sh
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
{{- if .Values.global.cattle.psp.enabled }}
- apiGroups:
  - policy
  resourceNames:
  - gatekeeper-admin
  resources:
  - podsecuritypolicies
  verbs:
  - use
{{- end }}
- apiGroups:
  - status.gatekeeper.sh
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - templates.gatekeeper.sh
  resources:
  - constrainttemplates
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - templates.gatekeeper.sh
  resources:
  - constrainttemplates/finalizers
  verbs:
  - delete
  - get
  - patch
  - update
- apiGroups:
  - templates.gatekeeper.sh
  resources:
  - constrainttemplates/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - admissionregistration.k8s.io
  resourceNames:
  - gatekeeper-validating-webhook-configuration
  resources:
  - validatingwebhookconfigurations
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
{{- end }}
make charts 2023-01-27 21:40:04 +00:00			`{{- if .Values.rbac.create }}`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`creationTimestamp: null`
			`labels:`
			`app: '{{ template "gatekeeper.name" . }}'`
			`chart: '{{ template "gatekeeper.name" . }}'`
			`gatekeeper.sh/system: "yes"`
			`heritage: '{{ .Release.Service }}'`
			`release: '{{ .Release.Name }}'`
			`name: gatekeeper-manager-role`
			`rules:`
			`- apiGroups:`
			`- '*'`
			`resources:`
			`- '*'`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- admissionregistration.k8s.io`
			`resourceNames:`
			`- gatekeeper-mutating-webhook-configuration`
			`resources:`
			`- mutatingwebhookconfigurations`
			`verbs:`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- apiextensions.k8s.io`
			`resources:`
			`- customresourcedefinitions`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- config.gatekeeper.sh`
			`resources:`
			`- configs`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- config.gatekeeper.sh`
			`resources:`
			`- configs/status`
			`verbs:`
			`- get`
			`- patch`
			`- update`
			`- apiGroups:`
			`- constraints.gatekeeper.sh`
			`resources:`
			`- '*'`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- externaldata.gatekeeper.sh`
			`resources:`
			`- providers`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- mutations.gatekeeper.sh`
			`resources:`
			`- '*'`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`{{- if .Values.global.cattle.psp.enabled }}`
			`- apiGroups:`
			`- policy`
			`resourceNames:`
			`- gatekeeper-admin`
			`resources:`
			`- podsecuritypolicies`
			`verbs:`
			`- use`
			`{{- end }}`
			`- apiGroups:`
			`- status.gatekeeper.sh`
			`resources:`
			`- '*'`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- templates.gatekeeper.sh`
			`resources:`
			`- constrainttemplates`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`- apiGroups:`
			`- templates.gatekeeper.sh`
			`resources:`
			`- constrainttemplates/finalizers`
			`verbs:`
			`- delete`
			`- get`
			`- patch`
			`- update`
			`- apiGroups:`
			`- templates.gatekeeper.sh`
			`resources:`
			`- constrainttemplates/status`
			`verbs:`
			`- get`
			`- patch`
			`- update`
			`- apiGroups:`
			`- admissionregistration.k8s.io`
			`resourceNames:`
			`- gatekeeper-validating-webhook-configuration`
			`resources:`
			`- validatingwebhookconfigurations`
			`verbs:`
			`- create`
			`- delete`
			`- get`
			`- list`
			`- patch`
			`- update`
			`- watch`
			`{{- end }}`