{{- if .Values.cloudControllerManager.rbac.enabled -}}
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: servicecatalog.k8s.io:apiserver-authentication-reader
    labels:
      vsphere-cpi-infra: role-binding
      component: {{ .Chart.Name }}-cloud-controller-manager
    namespace: {{ .Release.Namespace }}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: extension-apiserver-authentication-reader
  subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: {{ .Chart.Name }}-cloud-controller-manager
    namespace: {{ .Release.Namespace }}
  - apiGroup: ""
    kind: User
    name: {{ .Chart.Name }}-cloud-controller-manager
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: system:{{ .Chart.Name }}-cloud-controller-manager
    labels:
      vsphere-cpi-infra: cluster-role-binding
      component: {{ .Chart.Name }}-cloud-controller-manager
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:{{ .Chart.Name }}-cloud-controller-manager
  subjects:
  - kind: ServiceAccount
    name: {{ .Chart.Name }}-cloud-controller-manager
    namespace: {{ .Release.Namespace }}
  - kind: User
    name: {{ .Chart.Name }}-cloud-controller-manager
{{- end -}}