rancher-partner-charts/charts/linkerd/linkerd-control-plane/templates/destination-rbac.yaml

---
###
### Destination Controller Service
###
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: linkerd-{{.Release.Namespace}}-destination
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
rules:
- apiGroups: ["apps"]
  resources: ["replicasets"]
  verbs: ["list", "get", "watch"]
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["list", "get", "watch"]
- apiGroups: [""]
  resources: ["pods", "endpoints", "services", "nodes"]
  verbs: ["list", "get", "watch"]
- apiGroups: ["linkerd.io"]
  resources: ["serviceprofiles"]
  verbs: ["list", "get", "watch"]
  {{- if .Values.enableEndpointSlices }}
- apiGroups: ["discovery.k8s.io"]
  resources: ["endpointslices"]
  verbs: ["list", "get", "watch"]
  {{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: linkerd-{{.Release.Namespace}}-destination
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: linkerd-{{.Release.Namespace}}-destination
subjects:
- kind: ServiceAccount
  name: linkerd-destination
  namespace: {{.Release.Namespace}}
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: linkerd-destination
  namespace: {{ .Release.Namespace }}
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
---
{{- $host := printf "linkerd-sp-validator.%s.svc" .Release.Namespace }}
{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}
{{- if (not .Values.profileValidator.externalSecret) }}
kind: Secret
apiVersion: v1
metadata:
  name: linkerd-sp-validator-k8s-tls
  namespace: {{ .Release.Namespace }}
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
  annotations:
    {{ include "partials.annotations.created-by" . }}
type: kubernetes.io/tls
data:
  tls.crt: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.profileValidator.crtPEM)) (empty .Values.profileValidator.crtPEM) }}
  tls.key: {{ ternary (b64enc (trim $ca.Key)) (b64enc (trim .Values.profileValidator.keyPEM)) (empty .Values.profileValidator.keyPEM) }}
---
{{- end }}
{{- include "linkerd.webhook.validation" .Values.profileValidator }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: linkerd-sp-validator-webhook-config
  {{- if or (.Values.profileValidator.injectCaFrom) (.Values.profileValidator.injectCaFromSecret) }}
  annotations:
  {{- if .Values.profileValidator.injectCaFrom }}
    cert-manager.io/inject-ca-from: {{ .Values.profileValidator.injectCaFrom }}
  {{- end }}
  {{- if .Values.profileValidator.injectCaFromSecret }}
    cert-manager.io/inject-ca-from-secret: {{ .Values.profileValidator.injectCaFromSecret }}
  {{- end }}
  {{- end }}
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
webhooks:
- name: linkerd-sp-validator.linkerd.io
  namespaceSelector:
    {{- toYaml .Values.profileValidator.namespaceSelector | trim | nindent 4 }}
  clientConfig:
    service:
      name: linkerd-sp-validator
      namespace: {{ .Release.Namespace }}
      path: "/"
    {{- if and (empty .Values.profileValidator.injectCaFrom) (empty .Values.profileValidator.injectCaFromSecret) }}
    caBundle: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.profileValidator.caBundle)) (empty .Values.profileValidator.caBundle) }}
    {{- end }}
  failurePolicy: {{.Values.webhookFailurePolicy}}
  admissionReviewVersions: ["v1", "v1beta1"]
  rules:
  - operations: ["CREATE", "UPDATE"]
    apiGroups: ["linkerd.io"]
    apiVersions: ["v1alpha1", "v1alpha2"]
    resources: ["serviceprofiles"]
  sideEffects: None
---
{{- $host := printf "linkerd-policy-validator.%s.svc" .Release.Namespace }}
{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}
{{- if (not .Values.policyValidator.externalSecret) }}
kind: Secret
apiVersion: v1
metadata:
  name: linkerd-policy-validator-k8s-tls
  namespace: {{ .Release.Namespace }}
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
  annotations:
    {{ include "partials.annotations.created-by" . }}
type: kubernetes.io/tls
data:
  tls.crt: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.policyValidator.crtPEM)) (empty .Values.policyValidator.crtPEM) }}
  tls.key: {{ ternary (b64enc (trim $ca.Key)) (b64enc (trim .Values.policyValidator.keyPEM)) (empty .Values.policyValidator.keyPEM) }}
---
{{- end }}
{{- include "linkerd.webhook.validation" .Values.policyValidator }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: linkerd-policy-validator-webhook-config
  {{- if or (.Values.policyValidator.injectCaFrom) (.Values.policyValidator.injectCaFromSecret) }}
  annotations:
  {{- if .Values.policyValidator.injectCaFrom }}
    cert-manager.io/inject-ca-from: {{ .Values.policyValidator.injectCaFrom }}
  {{- end }}
  {{- if .Values.policyValidator.injectCaFromSecret }}
    cert-manager.io/inject-ca-from-secret: {{ .Values.policyValidator.injectCaFromSecret }}
  {{- end }}
  {{- end }}
  labels:
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
webhooks:
- name: linkerd-policy-validator.linkerd.io
  namespaceSelector:
    {{- toYaml .Values.policyValidator.namespaceSelector | trim | nindent 4 }}
  clientConfig:
    service:
      name: linkerd-policy-validator
      namespace: {{ .Release.Namespace }}
      path: "/"
    {{- if and (empty .Values.policyValidator.injectCaFrom) (empty .Values.policyValidator.injectCaFromSecret) }}
    caBundle: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.policyValidator.caBundle)) (empty .Values.policyValidator.caBundle) }}
    {{- end }}
  failurePolicy: {{.Values.webhookFailurePolicy}}
  admissionReviewVersions: ["v1", "v1beta1"]
  rules:
  - operations: ["CREATE", "UPDATE"]
    apiGroups: ["policy.linkerd.io"]
    apiVersions: ["v1alpha1", "v1beta1"]
    resources:
    - authorizationpolicies
    - httproutes
    - networkauthentications
    - meshtlsauthentications
    - serverauthorizations
    - servers
  sideEffects: None
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: linkerd-policy
  labels:
    app.kubernetes.io/part-of: Linkerd
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - get
  - apiGroups:
      - policy.linkerd.io
    resources:
      - authorizationpolicies
      - httproutes
      - meshtlsauthentications
      - networkauthentications
      - servers
      - serverauthorizations
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - httproutes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - policy.linkerd.io
    resources:
      - httproutes/status
    verbs:
      - patch
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - httproutes/status
    verbs:
      - patch
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - create
      - get
      - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: linkerd-destination-policy
  labels:
    app.kubernetes.io/part-of: Linkerd
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: linkerd-policy
subjects:
  - kind: ServiceAccount
    name: linkerd-destination
    namespace: {{.Release.Namespace}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: remote-discovery
  namespace: {{.Release.Namespace}}
  labels:
    app.kubernetes.io/part-of: Linkerd
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: linkerd-destination-remote-discovery
  namespace: {{.Release.Namespace}}
  labels:
    app.kubernetes.io/part-of: Linkerd
    linkerd.io/control-plane-component: destination
    linkerd.io/control-plane-ns: {{.Release.Namespace}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: remote-discovery
subjects:
  - kind: ServiceAccount
    name: linkerd-destination
    namespace: {{.Release.Namespace}}
make charts 2021-09-30 22:13:01 +00:00			`---`
			`###`
			`### Destination Controller Service`
			`###`
			`kind: ClusterRole`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`name: linkerd-{{.Release.Namespace}}-destination`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`rules:`
			`- apiGroups: ["apps"]`
			`resources: ["replicasets"]`
			`verbs: ["list", "get", "watch"]`
			`- apiGroups: ["batch"]`
			`resources: ["jobs"]`
			`verbs: ["list", "get", "watch"]`
			`- apiGroups: [""]`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`resources: ["pods", "endpoints", "services", "nodes"]`
make charts 2021-09-30 22:13:01 +00:00			`verbs: ["list", "get", "watch"]`
			`- apiGroups: ["linkerd.io"]`
			`resources: ["serviceprofiles"]`
			`verbs: ["list", "get", "watch"]`
			`{{- if .Values.enableEndpointSlices }}`
			`- apiGroups: ["discovery.k8s.io"]`
			`resources: ["endpointslices"]`
			`verbs: ["list", "get", "watch"]`
			`{{- end }}`
			`---`
			`kind: ClusterRoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`name: linkerd-{{.Release.Namespace}}-destination`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`name: linkerd-{{.Release.Namespace}}-destination`
make charts 2021-09-30 22:13:01 +00:00			`subjects:`
			`- kind: ServiceAccount`
			`name: linkerd-destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{.Release.Namespace}}`
make charts 2021-09-30 22:13:01 +00:00			`---`
			`kind: ServiceAccount`
			`apiVersion: v1`
			`metadata:`
			`name: linkerd-destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{ .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}`
			`---`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- $host := printf "linkerd-sp-validator.%s.svc" .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}`
			`{{- if (not .Values.profileValidator.externalSecret) }}`
			`kind: Secret`
			`apiVersion: v1`
			`metadata:`
			`name: linkerd-sp-validator-k8s-tls`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{ .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`annotations:`
			`{{ include "partials.annotations.created-by" . }}`
			`type: kubernetes.io/tls`
			`data:`
			`tls.crt: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.profileValidator.crtPEM)) (empty .Values.profileValidator.crtPEM) }}`
			`tls.key: {{ ternary (b64enc (trim $ca.Key)) (b64enc (trim .Values.profileValidator.keyPEM)) (empty .Values.profileValidator.keyPEM) }}`
			`---`
			`{{- end }}`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- include "linkerd.webhook.validation" .Values.profileValidator }}`
make charts 2021-09-30 22:13:01 +00:00			`apiVersion: admissionregistration.k8s.io/v1`
			`kind: ValidatingWebhookConfiguration`
			`metadata:`
			`name: linkerd-sp-validator-webhook-config`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- if or (.Values.profileValidator.injectCaFrom) (.Values.profileValidator.injectCaFromSecret) }}`
			`annotations:`
			`{{- if .Values.profileValidator.injectCaFrom }}`
			`cert-manager.io/inject-ca-from: {{ .Values.profileValidator.injectCaFrom }}`
			`{{- end }}`
			`{{- if .Values.profileValidator.injectCaFromSecret }}`
			`cert-manager.io/inject-ca-from-secret: {{ .Values.profileValidator.injectCaFromSecret }}`
			`{{- end }}`
			`{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`webhooks:`
			`- name: linkerd-sp-validator.linkerd.io`
			`namespaceSelector:`
			`{{- toYaml .Values.profileValidator.namespaceSelector \| trim \| nindent 4 }}`
			`clientConfig:`
			`service:`
			`name: linkerd-sp-validator`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{ .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`path: "/"`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- if and (empty .Values.profileValidator.injectCaFrom) (empty .Values.profileValidator.injectCaFromSecret) }}`
make charts 2021-09-30 22:13:01 +00:00			`caBundle: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.profileValidator.caBundle)) (empty .Values.profileValidator.caBundle) }}`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`failurePolicy: {{.Values.webhookFailurePolicy}}`
			`admissionReviewVersions: ["v1", "v1beta1"]`
			`rules:`
			`- operations: ["CREATE", "UPDATE"]`
			`apiGroups: ["linkerd.io"]`
			`apiVersions: ["v1alpha1", "v1alpha2"]`
			`resources: ["serviceprofiles"]`
			`sideEffects: None`
			`---`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- $host := printf "linkerd-policy-validator.%s.svc" .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`{{- $ca := genSelfSignedCert $host (list) (list $host) 365 }}`
			`{{- if (not .Values.policyValidator.externalSecret) }}`
			`kind: Secret`
			`apiVersion: v1`
			`metadata:`
			`name: linkerd-policy-validator-k8s-tls`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{ .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`annotations:`
			`{{ include "partials.annotations.created-by" . }}`
			`type: kubernetes.io/tls`
			`data:`
			`tls.crt: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.policyValidator.crtPEM)) (empty .Values.policyValidator.crtPEM) }}`
			`tls.key: {{ ternary (b64enc (trim $ca.Key)) (b64enc (trim .Values.policyValidator.keyPEM)) (empty .Values.policyValidator.keyPEM) }}`
			`---`
			`{{- end }}`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- include "linkerd.webhook.validation" .Values.policyValidator }}`
make charts 2021-09-30 22:13:01 +00:00			`apiVersion: admissionregistration.k8s.io/v1`
			`kind: ValidatingWebhookConfiguration`
			`metadata:`
			`name: linkerd-policy-validator-webhook-config`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- if or (.Values.policyValidator.injectCaFrom) (.Values.policyValidator.injectCaFromSecret) }}`
			`annotations:`
			`{{- if .Values.policyValidator.injectCaFrom }}`
			`cert-manager.io/inject-ca-from: {{ .Values.policyValidator.injectCaFrom }}`
			`{{- end }}`
			`{{- if .Values.policyValidator.injectCaFromSecret }}`
			`cert-manager.io/inject-ca-from-secret: {{ .Values.policyValidator.injectCaFromSecret }}`
			`{{- end }}`
			`{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`labels:`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`webhooks:`
			`- name: linkerd-policy-validator.linkerd.io`
			`namespaceSelector:`
			`{{- toYaml .Values.policyValidator.namespaceSelector \| trim \| nindent 4 }}`
			`clientConfig:`
			`service:`
			`name: linkerd-policy-validator`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{ .Release.Namespace }}`
make charts 2021-09-30 22:13:01 +00:00			`path: "/"`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- if and (empty .Values.policyValidator.injectCaFrom) (empty .Values.policyValidator.injectCaFromSecret) }}`
make charts 2021-09-30 22:13:01 +00:00			`caBundle: {{ ternary (b64enc (trim $ca.Cert)) (b64enc (trim .Values.policyValidator.caBundle)) (empty .Values.policyValidator.caBundle) }}`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`failurePolicy: {{.Values.webhookFailurePolicy}}`
			`admissionReviewVersions: ["v1", "v1beta1"]`
			`rules:`
			`- operations: ["CREATE", "UPDATE"]`
			`apiGroups: ["policy.linkerd.io"]`
			`apiVersions: ["v1alpha1", "v1beta1"]`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`resources:`
			`- authorizationpolicies`
			`- httproutes`
			`- networkauthentications`
			`- meshtlsauthentications`
			`- serverauthorizations`
			`- servers`
make charts 2021-09-30 22:13:01 +00:00			`sideEffects: None`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: linkerd-policy`
			`labels:`
			`app.kubernetes.io/part-of: Linkerd`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- pods`
			`verbs:`
			`- get`
			`- list`
			`- watch`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`- apiGroups:`
			`- apps`
			`resources:`
			`- deployments`
			`verbs:`
			`- get`
make charts 2021-09-30 22:13:01 +00:00			`- apiGroups:`
			`- policy.linkerd.io`
			`resources:`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`- authorizationpolicies`
			`- httproutes`
			`- meshtlsauthentications`
			`- networkauthentications`
make charts 2021-09-30 22:13:01 +00:00			`- servers`
			`- serverauthorizations`
			`verbs:`
			`- get`
			`- list`
			`- watch`
Charts CI ``` Updated: argo/argo-cd: - 5.43.5 bitnami/cassandra: - 10.5.0 bitnami/kafka: - 25.0.1 bitnami/mariadb: - 13.1.1 bitnami/mysql: - 9.12.0 bitnami/postgresql: - 12.9.0 bitnami/redis: - 17.16.0 bitnami/spark: - 7.1.5 bitnami/tomcat: - 10.10.0 bitnami/wordpress: - 17.1.2 bitnami/zookeeper: - 12.1.0 datadog/datadog: - 3.34.2 external-secrets/external-secrets: - 0.9.4 jenkins/jenkins: - 4.6.1 kubecost/cost-analyzer: - 1.105.2 linkerd/linkerd-control-plane: - 1.15.0 new-relic/nri-bundle: - 5.0.26 redpanda/redpanda: - 5.1.5 speedscale/speedscale-operator: - 1.3.28 ``` 2023-08-24 14:41:28 +00:00			`- apiGroups:`
			`- gateway.networking.k8s.io`
			`resources:`
			`- httproutes`
			`verbs:`
			`- get`
			`- list`
			`- watch`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`- apiGroups:`
			`- policy.linkerd.io`
			`resources:`
			`- httproutes/status`
			`verbs:`
			`- patch`
Charts CI ``` Updated: argo/argo-cd: - 5.43.5 bitnami/cassandra: - 10.5.0 bitnami/kafka: - 25.0.1 bitnami/mariadb: - 13.1.1 bitnami/mysql: - 9.12.0 bitnami/postgresql: - 12.9.0 bitnami/redis: - 17.16.0 bitnami/spark: - 7.1.5 bitnami/tomcat: - 10.10.0 bitnami/wordpress: - 17.1.2 bitnami/zookeeper: - 12.1.0 datadog/datadog: - 3.34.2 external-secrets/external-secrets: - 0.9.4 jenkins/jenkins: - 4.6.1 kubecost/cost-analyzer: - 1.105.2 linkerd/linkerd-control-plane: - 1.15.0 new-relic/nri-bundle: - 5.0.26 redpanda/redpanda: - 5.1.5 speedscale/speedscale-operator: - 1.3.28 ``` 2023-08-24 14:41:28 +00:00			`- apiGroups:`
			`- gateway.networking.k8s.io`
			`resources:`
			`- httproutes/status`
			`verbs:`
			`- patch`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`- apiGroups:`
			`- coordination.k8s.io`
			`resources:`
			`- leases`
			`verbs:`
			`- create`
			`- get`
			`- patch`
make charts 2021-09-30 22:13:01 +00:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: linkerd-destination-policy`
			`labels:`
			`app.kubernetes.io/part-of: Linkerd`
			`linkerd.io/control-plane-component: destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
make charts 2021-09-30 22:13:01 +00:00			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: linkerd-policy`
			`subjects:`
			`- kind: ServiceAccount`
			`name: linkerd-destination`
Migrating linkerd to new workflow; removing outdated linkerd2 chart 2023-07-07 15:40:48 +00:00			`namespace: {{.Release.Namespace}}`
Charts CI ``` Updated: argo/argo-cd: - 5.43.5 bitnami/cassandra: - 10.5.0 bitnami/kafka: - 25.0.1 bitnami/mariadb: - 13.1.1 bitnami/mysql: - 9.12.0 bitnami/postgresql: - 12.9.0 bitnami/redis: - 17.16.0 bitnami/spark: - 7.1.5 bitnami/tomcat: - 10.10.0 bitnami/wordpress: - 17.1.2 bitnami/zookeeper: - 12.1.0 datadog/datadog: - 3.34.2 external-secrets/external-secrets: - 0.9.4 jenkins/jenkins: - 4.6.1 kubecost/cost-analyzer: - 1.105.2 linkerd/linkerd-control-plane: - 1.15.0 new-relic/nri-bundle: - 5.0.26 redpanda/redpanda: - 5.1.5 speedscale/speedscale-operator: - 1.3.28 ``` 2023-08-24 14:41:28 +00:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: remote-discovery`
			`namespace: {{.Release.Namespace}}`
			`labels:`
			`app.kubernetes.io/part-of: Linkerd`
			`linkerd.io/control-plane-component: destination`
			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: linkerd-destination-remote-discovery`
			`namespace: {{.Release.Namespace}}`
			`labels:`
			`app.kubernetes.io/part-of: Linkerd`
			`linkerd.io/control-plane-component: destination`
			`linkerd.io/control-plane-ns: {{.Release.Namespace}}`
			`{{- with .Values.commonLabels }}{{ toYaml . \| trim \| nindent 4 }}{{- end }}`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: remote-discovery`
			`subjects:`
			`- kind: ServiceAccount`
			`name: linkerd-destination`
			`namespace: {{.Release.Namespace}}`