37 lines
1002 B
YAML
37 lines
1002 B
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ include "falcon-sensor.fullname" . }}-access-role
|
|
labels:
|
|
app: {{ include "falcon-sensor.name" . }}
|
|
app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
app.kubernetes.io/component: "container_sensor"
|
|
crowdstrike.com/provider: crowdstrike
|
|
helm.sh/chart: {{ include "falcon-sensor.chart" . }}
|
|
rules:
|
|
{{- if .Values.container.enabled }}
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
{{- end }}
|
|
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
|
- apiGroups:
|
|
- policy
|
|
resourceNames:
|
|
{{- if .Values.node.enabled }}
|
|
- {{ include "falcon-sensor.fullname" . }}-node
|
|
{{- end }}
|
|
{{- if .Values.container.enabled }}
|
|
- {{ include "falcon-sensor.fullname" . }}-container
|
|
{{- end }}
|
|
resources:
|
|
- podsecuritypolicies
|
|
verbs:
|
|
- use
|
|
{{- end }}
|