github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/charts/kyma-environment-broker/templates/rbac.yaml (about) 1 apiVersion: rbac.authorization.k8s.io/v1 2 kind: Role 3 metadata: 4 name: {{ include "kyma-env-broker.fullname" . }} 5 namespace: {{ .Release.Namespace }} 6 labels: 7 app: {{ .Chart.Name }} 8 release: {{ .Release.Name }} 9 rules: 10 - apiGroups: ["*"] 11 resources: ["secrets"] 12 verbs: ["*"] 13 - apiGroups: ["*"] 14 resources: ["configmaps"] 15 verbs: ["list", "get"] 16 - apiGroups: ["core.gardener.cloud"] 17 resources: ["shoots"] 18 verbs: ["list", "get"] 19 - apiGroups: ["core.gardener.cloud"] 20 resources: ["secretbindings"] 21 verbs: ["list", "get", "update"] 22 - apiGroups: [ "operator.kyma-project.io" ] 23 resources: [ "kymas" ] 24 verbs: [ "*" ] 25 26 --- 27 kind: RoleBinding 28 apiVersion: rbac.authorization.k8s.io/v1 29 metadata: 30 name: {{ include "kyma-env-broker.fullname" . }} 31 namespace: {{ .Release.Namespace }} 32 labels: 33 app: {{ .Chart.Name }} 34 release: {{ .Release.Name }} 35 annotations: 36 argocd.argoproj.io/sync-options: Prune=false 37 subjects: 38 - kind: ServiceAccount 39 name: {{ .Values.global.kyma_environment_broker.serviceAccountName }} 40 namespace: {{ .Release.Namespace }} 41 roleRef: 42 kind: Role 43 name: {{ include "kyma-env-broker.fullname" . }} 44 apiGroup: rbac.authorization.k8s.io 45 46 --- 47 apiVersion: v1 48 kind: ServiceAccount 49 metadata: 50 name: {{ .Values.global.kyma_environment_broker.serviceAccountName }} 51 namespace: {{ .Release.Namespace }} 52 {{- if .Values.serviceAccount.annotations }} 53 annotations: 54 argocd.argoproj.io/sync-options: Prune=false 55 {{ tpl (toYaml .Values.serviceAccount.annotations) . | indent 4 }} 56 {{- end }}