andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/instana/instana-agent/templates/clusterrole.yaml

77 lines
2.0 KiB
YAML
Raw Blame History

{{- if or .Values.rbac.create (or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1")) }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "instana-agent.fullname" . }}
labels:
{{- include "instana-agent.commonLabels" . | nindent 4 }}
rules:
- nonResourceURLs:
- "/version"
- "/healthz"
verbs: ["get"]
{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }}
apiGroups: []
resources: []
{{- end }}
- apiGroups: ["batch"]
resources:
- "jobs"
- "cronjobs"
verbs: ["get", "list", "watch"]
- apiGroups: ["extensions"]
resources:
- "deployments"
- "replicasets"
- "ingresses"
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources:
- "deployments"
- "replicasets"
- "daemonsets"
- "statefulsets"
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- "namespaces"
- "events"
- "services"
- "endpoints"
- "nodes"
- "pods"
- "replicationcontrollers"
- "componentstatuses"
- "resourcequotas"
- "persistentvolumes"
- "persistentvolumeclaims"
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- "endpoints"
verbs: ["create", "update", "patch"]
- apiGroups: ["networking.k8s.io"]
resources:
- "ingresses"
verbs: ["get", "list", "watch"]
{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }}
- apiGroups: ["apps.openshift.io"]
resources:
- "deploymentconfigs"
verbs: ["get", "list", "watch"]
- apiGroups: ["security.openshift.io"]
resourceNames: ["privileged"]
resources: ["securitycontextconstraints"]
verbs: ["use"]
{{- end -}}
{{- if .Values.podSecurityPolicy.enable}}
{{- if semverCompare "< 1.25.x" (include "kubeVersion" .) }}
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames:
- {{ template "instana-agent.podSecurityPolicyName" . }}
{{- end }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink