apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ .Chart.Name }}-cluster-role rules: - apiGroups: - management.cattle.io resources: - ranchermetrics verbs: - get - apiGroups: - management.cattle.io resources: - rancherusernotifications resourceNames: - {{ template "csp-adapter.outputNotification" }} verbs: - "*" - apiGroups: - management.cattle.io resources: - rancherusernotifications verbs: - create - apiGroups: - management.cattle.io resources: - settings resourceNames: - {{ template "csp-adapter.hostnameSetting" }} - {{ template "csp-adapter.versionSetting" }} verbs: - get - list - watch - apiGroups: - apiregistration.k8s.io resources: - apiservices verbs: - get - list - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ .Chart.Name }}-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ .Chart.Name }}-cluster-role subjects: - kind: ServiceAccount name: {{ .Chart.Name }} namespace: cattle-csp-adapter-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Chart.Name }}-role namespace: cattle-csp-adapter-system rules: - apiGroups: - "" resources: - secrets resourceNames: - {{ template "csp-adapter.cacheSecret" }} verbs: - "*" - apiGroups: - "" resources: - secrets verbs: - create - apiGroups: - "" resources: - configmaps resourceNames: - {{ template "csp-adapter.outputConfigMap" }} verbs: - "*" - apiGroups: - "" resources: - configmaps verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Chart.Name }}-binding namespace: cattle-csp-adapter-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ .Chart.Name }}-role subjects: - kind: ServiceAccount name: {{ .Chart.Name }} namespace: cattle-csp-adapter-system