andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/streamsets/control-agent/2.0.100/templates/rbac.yaml

92 lines
3.2 KiB
YAML
Raw Blame History

{{- if .Values.rbac.enabled }}
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ include "control-agent.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "control-agent.name" . }}
helm.sh/chart: {{ include "control-agent.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: {{ .Release.Namespace }}
name: {{ include "control-agent.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "control-agent.name" . }}
helm.sh/chart: {{ include "control-agent.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
rules:
- apiGroups: ["", "extensions", "autoscaling", "apps"]
resources: ["pods", "deployments", "replicasets", "horizontalpodautoscalers", "services", "ingresses"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "update"]
{{- if .Values.streamsets.crdEnabled }}
- apiGroups: ["streamsets.k8s.io"]
resources: ["sdcs"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ include "control-agent.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "control-agent.name" . }}
helm.sh/chart: {{ include "control-agent.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "control-agent.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "control-agent.fullname" . }}
namespace: {{ .Release.Namespace }}
---
{{- if .Values.streamsets.crdEnabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: streamsets-crd-handler
labels:
app.kubernetes.io/name: {{ include "control-agent.name" . }}
helm.sh/chart: {{ include "control-agent.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions", ]
verbs: ["get", "list", "watch"]
- apiGroups: ["apiextensions.k8s.io", "streamsets.k8s.io"]
resources: ["customresourcedefinitions", "sdcs"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "control-agent.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "control-agent.name" . }}
helm.sh/chart: {{ include "control-agent.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: streamsets-crd-handler
subjects:
- kind: ServiceAccount
name: {{ include "control-agent.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink