{{- if .Values.rbac.create -}} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "f5-bigip-ctlr.fullname" . }} labels: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }} app: {{ template "f5-bigip-ctlr.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} rules: - apiGroups: - '' - extensions - networking.k8s.io - route.openshift.io resources: - nodes - services - endpoints - namespaces - ingresses - pods - ingressclasses - policies - routes verbs: - get - list - watch - apiGroups: - '' - extensions - networking.k8s.io - route.openshift.io resources: - configmaps - events - ingresses/status - services/status - routes/status verbs: - get - list - watch - update - create - patch - apiGroups: - cis.f5.com resources: - virtualservers - virtualservers/status - tlsprofiles - transportservers - transportservers/status - ingresslinks - ingresslinks/status - externaldnses - policies verbs: - get - list - watch - update - patch - apiGroups: - '' - extensions resources: - secrets verbs: - get - list - watch - apiGroups: - config.openshift.io/v1 resources: - network verbs: - list {{- if .Values.args.ipam }} - apiGroups: - fic.f5.com resources: - ipams - ipams/status verbs: - get - list - watch - update - create - patch - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch - update - create - patch {{- end }} {{- end }}