{{- /*
ClusterRole for the mic component of aad-pod-identity.
Source: github.com/Azure/aad-pod-identity@v1.8.17/charts/aad-pod-identity/templates/mic-clusterrole.yaml
Rendered only when .Values.rbac.enabled is set and .Values.operationMode
equals "standard". The binding that attaches this role to a subject is not
part of this file, so the effective scope of each rule depends on that binding.
*/ -}}
{{- if and .Values.rbac.enabled (eq .Values.operationMode "standard") }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ template "aad-pod-identity.mic.fullname" . }}
  labels:
    {{- include "aad-pod-identity.labels" . | nindent 4 }}
    app.kubernetes.io/component: mic
rules:
# Wildcard verbs on CustomResourceDefinitions. The rule carries no
# resourceNames, so it covers every CRD in the cluster, including delete,
# and is not limited to the aadpodidentity.k8s.io definitions.
# NOTE(review): prefer an explicit verb list covering only what the controller
# calls; resourceNames can narrow get/update/delete but cannot restrict create.
- apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions"]
  verbs: ["*"]
# Read-only listing and watching of pods and nodes (core API group).
- apiGroups: [""]
  resources: ["pods", "nodes"]
  verbs: [ "list", "watch" ]
# Event emission only: no read or delete on events.
- apiGroups: [""]
  resources: ["events"]
  verbs: ["create", "patch"]
# No resourceNames here, so get/update applies to any ConfigMap the binding
# reaches. NOTE(review): confirm which ConfigMap(s) are needed and pin them.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "create", "update"]
# Write access to Endpoints changes where Service traffic is sent, so the
# scope matters. Presumably used for leader election; confirm, and restrict
# by resourceNames or a namespaced Role if so.
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: [ "create", "get", "update"]
# NOTE(review): "post" is not a verb the Kubernetes authorizer derives from
# API requests (an HTTP POST is authorized as "create"), so that entry most
# likely grants nothing. Confirm whether "create" was intended before
# changing it.
- apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureidentitybindings", "azureidentities"]
  verbs: ["get", "list", "watch", "post", "update"]
# List and update only on identity exceptions.
- apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azurepodidentityexceptions"]
  verbs: ["list", "update"]
# Full control of azureassignedidentities. The wildcard also covers any verb
# added later; an explicit list would keep the grant auditable.
- apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureassignedidentities"]
  verbs: ["*"]
{{- if .Values.rbac.pspEnabled }}
# Rendered only when .Values.rbac.pspEnabled is set: grants "use" on the one
# PodSecurityPolicy named below. PodSecurityPolicy was removed in
# Kubernetes v1.25, so this rule has no effect on newer clusters.
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames:
  - {{ template "aad-pod-identity-psp.mic.fullname" . }}
{{- end }}
{{- end }}