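{{/*
Source: github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/kblib/templates/_rbac.tpl

RBAC helpers for a cluster chart. Every object name in this file is rendered
as "kb-<kblib.clusterName>"; kblib.clusterName and kblib.clusterLabels are
defined outside this file.
*/}}

{{/*
Define the service account name.
Renders "kb-<clusterName>" when .Values.extra.rbacEnabled is set and an empty
string otherwise, so a caller that includes this helper with RBAC disabled
receives no service account name at all.
*/}}
{{- define "kblib.serviceAccountName" -}}
{{- if .Values.extra.rbacEnabled }}
{{- printf "kb-%s" (include "kblib.clusterName" .) }}
{{- else }}
{{- "" }}
{{- end }}
{{- end }}

{{/*
Define the role name.
Not referenced by any template in this file.
*/}}
{{- define "kblib.roleName" -}}
{{- printf "kb-%s" (include "kblib.clusterName" .) }}
{{- end }}

{{/*
Define the rolebinding name.
*/}}
{{- define "kblib.roleBindingName" -}}
{{- printf "kb-%s" (include "kblib.clusterName" .) }}
{{- end }}

{{/*
Define the clusterrolebinding name.
NOTE(review): a ClusterRoleBinding is cluster-scoped, but this name carries no
namespace component. If kblib.clusterName is only unique per namespace, two
releases in different namespaces render the same object name - confirm
uniqueness against the definition of kblib.clusterName.
*/}}
{{- define "kblib.clusterRoleBindingName" -}}
{{- printf "kb-%s" (include "kblib.clusterName" .) }}
{{- end }}

{{/*
Define the service account.
The namespace is quoted so that a release namespace made only of digits is
still parsed as a string.
*/}}
{{- define "kblib.serviceAccount" }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "kblib.serviceAccountName" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "kblib.clusterLabels" . | nindent 4 }}
{{- end }}

{{/*
Define the rolebinding.
Binds the ClusterRole "kubeblocks-cluster-pod-role" to the service account
through a namespaced RoleBinding, so the grant applies only inside the
binding's namespace. metadata.namespace is set explicitly so the binding is
always rendered into the same namespace as the ServiceAccount it names, also
when the manifest is applied outside of a Helm install.
NOTE(review): the rules of the referenced ClusterRole are not visible in this
file; confirm they are limited to what the cluster pods need.
*/}}
{{- define "kblib.roleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "kblib.roleBindingName" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "kblib.clusterLabels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeblocks-cluster-pod-role
subjects:
  - kind: ServiceAccount
    name: {{ include "kblib.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
{{- end }}

{{/*
Define the clusterrolebinding.
Binds the ClusterRole "kubeblocks-volume-protection-pod-role" to the service
account cluster-wide. The object name comes from kblib.clusterRoleBindingName,
which renders the same "kb-<clusterName>" value as kblib.roleBindingName.
NOTE(review): this grant is not limited to the release namespace, and the
rules of the referenced ClusterRole are not visible in this file; confirm that
a cluster-wide binding is required for volume protection.
*/}}
{{- define "kblib.clusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "kblib.clusterRoleBindingName" . }}
  labels:
    {{- include "kblib.clusterLabels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeblocks-volume-protection-pod-role
subjects:
  - kind: ServiceAccount
    name: {{ include "kblib.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
{{- end }}

{{/*
Define the whole rbac.
Renders the ServiceAccount, the ClusterRoleBinding and the RoleBinding as
three YAML documents when .Values.extra.rbacEnabled is set, and nothing
otherwise.
*/}}
{{- define "kblib.rbac" }}
{{- if .Values.extra.rbacEnabled }}
---
{{- include "kblib.serviceAccount" . }}
---
{{- include "kblib.clusterRoleBinding" . }}
---
{{- include "kblib.roleBinding" . }}
{{- else }}
{{- "" }}
{{- end }}
{{- end }}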