107 lines
2.7 KiB
YAML
107 lines
2.7 KiB
YAML
{{ if not .Values.yugaware.serviceAccount }}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ .Release.Name }}
|
|
labels:
|
|
k8s-app: yugaware
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
{{- if .Values.yugaware.serviceAccountAnnotations }}
|
|
annotations:
|
|
{{ toYaml .Values.yugaware.serviceAccountAnnotations | indent 4 }}
|
|
{{- end }}
|
|
{{ end }}
|
|
{{- if .Values.rbac.create }}
|
|
{{- if .Values.ocpCompatibility.enabled }}
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ .Release.Name }}-cluster-monitoring-view
|
|
labels:
|
|
app: yugaware
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ .Values.yugaware.serviceAccount | default .Release.Name }}
|
|
namespace: {{ .Release.Namespace }}
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: cluster-monitoring-view
|
|
apiGroup: rbac.authorization.k8s.io
|
|
{{- else }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ .Release.Name }}
|
|
rules:
|
|
- apiGroups: ["policy"]
|
|
resources:
|
|
- poddisruptionbudgets
|
|
verbs: ["get", "create", "delete", "patch"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- services
|
|
verbs: ["get", "delete", "create", "patch", "list", "watch"]
|
|
- apiGroups: ["apps"]
|
|
resources:
|
|
- statefulsets
|
|
verbs: ["get", "delete", "create", "patch", "scale"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- secrets
|
|
verbs: ["create", "list", "get", "delete", "update", "patch"]
|
|
- apiGroups: ["cert-manager.io"]
|
|
resources:
|
|
- certificates
|
|
verbs: ["create", "delete", "get", "patch"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- nodes
|
|
- nodes/proxy
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
- pods/exec
|
|
- configmaps # added configmaps resource
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # added all verbs for configmaps
|
|
- apiGroups:
|
|
- extensions
|
|
resources:
|
|
- ingresses
|
|
verbs: ["get", "list", "watch"]
|
|
- nonResourceURLs: ["/metrics"]
|
|
verbs: ["get"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- namespaces
|
|
- secrets
|
|
- pods/portforward
|
|
- events # added events resource
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # added all verbs for events
|
|
- apiGroups: ["", "extensions"]
|
|
resources:
|
|
- deployments
|
|
- services
|
|
verbs: ["create", "get", "list", "watch", "update", "delete"]
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ .Release.Name }}
|
|
labels:
|
|
k8s-app: yugaware
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ .Values.yugaware.serviceAccount | default .Release.Name }}
|
|
namespace: {{ .Release.Namespace }}
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: {{ .Release.Name }}
|
|
apiGroup: rbac.authorization.k8s.io
|
|
{{- end }}
|
|
{{- end }}
|