rancher-partner-charts/charts/citrix/citrix-cpx-istio-sidecar-in.../templates/cpx-sidecar-injector-servic...

# Serviceaccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cpx-sidecar-injector-service-account
  namespace: {{ .Release.Namespace }}
  labels:
    app: cpx-sidecar-injector

---
# ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cpx-sidecar-injector-istio-system
  labels:
    app: cpx-sidecar-injector
rules:
- apiGroups: ["*"]
  resources: ["configmaps"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["certificatesigningrequests", "certificatesigningrequests/approval"]
  verbs: ["get", "list", "create", "watch", "delete", "update"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["signers"]
  resourceNames: ["kubernetes.io/legacy-unknown", "kubernetes.io/kubelet-serving"]
  verbs: ["get", "list", "create", "watch", "delete", "update", "approve"]
---
# ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cpx-sidecar-injector-admin-role-binding-istio-system
  labels:
    app: cpx-sidecar-injector
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cpx-sidecar-injector-istio-system
subjects:
  - kind: ServiceAccount
    name: cpx-sidecar-injector-service-account
    namespace: {{ .Release.Namespace }}
---
Migrating citrix charts to automated process 2022-12-02 05:00:00 +00:00			`# Serviceaccount`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: cpx-sidecar-injector-service-account`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app: cpx-sidecar-injector`

			`---`
			`# ClusterRole`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: cpx-sidecar-injector-istio-system`
			`labels:`
			`app: cpx-sidecar-injector`
			`rules:`
			`- apiGroups: ["*"]`
			`resources: ["configmaps"]`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["admissionregistration.k8s.io"]`
			`resources: ["mutatingwebhookconfigurations"]`
			`verbs: ["get", "list", "watch", "patch"]`
			`- apiGroups: ["certificates.k8s.io"]`
			`resources: ["certificatesigningrequests", "certificatesigningrequests/approval"]`
			`verbs: ["get", "list", "create", "watch", "delete", "update"]`
			`- apiGroups: ["certificates.k8s.io"]`
			`resources: ["signers"]`
			`resourceNames: ["kubernetes.io/legacy-unknown", "kubernetes.io/kubelet-serving"]`
			`verbs: ["get", "list", "create", "watch", "delete", "update", "approve"]`
			`---`
			`# ClusterRoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: cpx-sidecar-injector-admin-role-binding-istio-system`
			`labels:`
			`app: cpx-sidecar-injector`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: cpx-sidecar-injector-istio-system`
			`subjects:`
			`- kind: ServiceAccount`
			`name: cpx-sidecar-injector-service-account`
			`namespace: {{ .Release.Namespace }}`
			`---`