rancher-partner-charts/charts/instana/instana-agent/templates/clusterrole.yaml

{{- if or .Values.rbac.create (or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1")) }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ template "instana-agent.fullname" . }}
  labels:
    {{- include "instana-agent.commonLabels" . | nindent 4 }}
rules:
- nonResourceURLs:
    - "/version"
    - "/healthz"
  verbs: ["get"]
{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }}
  apiGroups: []
  resources: []
{{- end }}
- apiGroups: ["batch"]
  resources:
    - "jobs"
    - "cronjobs"
  verbs: ["get", "list", "watch"]
- apiGroups: ["extensions"]
  resources:
    - "deployments"
    - "replicasets"
    - "ingresses"
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources:
    - "deployments"
    - "replicasets"
    - "daemonsets"
    - "statefulsets"
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources:
    - "namespaces"
    - "events"
    - "services"
    - "endpoints"
    - "nodes"
    - "pods"
    - "replicationcontrollers"
    - "componentstatuses"
    - "resourcequotas"
    - "persistentvolumes"
    - "persistentvolumeclaims"
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources:
    - "endpoints"
  verbs: ["create", "update", "patch"]
- apiGroups: ["networking.k8s.io"]
  resources:
    - "ingresses"
  verbs: ["get", "list", "watch"]
{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }}
- apiGroups: ["apps.openshift.io"]
  resources:
    - "deploymentconfigs"
  verbs: ["get", "list", "watch"]
- apiGroups: ["security.openshift.io"]
  resourceNames: ["privileged"]
  resources: ["securitycontextconstraints"]
  verbs: ["use"]
{{- end -}}
{{- if .Values.podSecurityPolicy.enable}}
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  verbs:     ["use"]
  resourceNames:
  - {{ template "instana-agent.podSecurityPolicyName" . }}
{{- end }}
{{- end }}
Migrating Instana Agent 2022-10-26 15:48:27 +00:00			`{{- if or .Values.rbac.create (or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1")) }}`
			`---`
Run make validate twice 2021-06-24 01:55:05 +00:00			`kind: ClusterRole`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: {{ template "instana-agent.fullname" . }}`
			`labels:`
			`{{- include "instana-agent.commonLabels" . \| nindent 4 }}`
			`rules:`
			`- nonResourceURLs:`
			`- "/version"`
			`- "/healthz"`
			`verbs: ["get"]`
Migrating Instana Agent 2022-10-26 15:48:27 +00:00			`{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }}`
			`apiGroups: []`
			`resources: []`
			`{{- end }}`
Run make validate twice 2021-06-24 01:55:05 +00:00			`- apiGroups: ["batch"]`
			`resources:`
			`- "jobs"`
			`- "cronjobs"`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["extensions"]`
			`resources:`
			`- "deployments"`
			`- "replicasets"`
			`- "ingresses"`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["apps"]`
			`resources:`
			`- "deployments"`
			`- "replicasets"`
			`- "daemonsets"`
			`- "statefulsets"`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: [""]`
			`resources:`
			`- "namespaces"`
			`- "events"`
			`- "services"`
			`- "endpoints"`
			`- "nodes"`
			`- "pods"`
			`- "replicationcontrollers"`
			`- "componentstatuses"`
			`- "resourcequotas"`
Migrating Instana Agent 2022-10-26 15:48:27 +00:00			`- "persistentvolumes"`
			`- "persistentvolumeclaims"`
Run make validate twice 2021-06-24 01:55:05 +00:00			`verbs: ["get", "list", "watch"]`
			`- apiGroups: [""]`
			`resources:`
			`- "endpoints"`
			`verbs: ["create", "update", "patch"]`
			`- apiGroups: ["networking.k8s.io"]`
			`resources:`
			`- "ingresses"`
			`verbs: ["get", "list", "watch"]`
Migrating Instana Agent 2022-10-26 15:48:27 +00:00			`{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }}`
Run make validate twice 2021-06-24 01:55:05 +00:00			`- apiGroups: ["apps.openshift.io"]`
			`resources:`
			`- "deploymentconfigs"`
			`verbs: ["get", "list", "watch"]`
Migrating Instana Agent 2022-10-26 15:48:27 +00:00			`- apiGroups: ["security.openshift.io"]`
			`resourceNames: ["privileged"]`
			`resources: ["securitycontextconstraints"]`
			`verbs: ["use"]`
Run make validate twice 2021-06-24 01:55:05 +00:00			`{{- end -}}`
			`{{- if .Values.podSecurityPolicy.enable}}`
			`- apiGroups: ["policy"]`
			`resources: ["podsecuritypolicies"]`
			`verbs: ["use"]`
			`resourceNames:`
			`- {{ template "instana-agent.podSecurityPolicyName" . }}`
Migrating Instana Agent 2022-10-26 15:48:27 +00:00			`{{- end }}`
			`{{- end }}`