github.com/nginxinc/kubernetes-ingress@v1.12.5/deployments/helm-chart/templates/rbac.yaml

github.com/nginxinc/kubernetes-ingress@v1.12.5/deployments/helm-chart/templates/rbac.yaml (about)

     1  {{- if .Values.rbac.create }}
     2  kind: ClusterRole
     3  apiVersion: rbac.authorization.k8s.io/v1
     4  metadata:
     5    name: {{ include "nginx-ingress.name" . }}
     6    labels:
     7      {{- include "nginx-ingress.labels" . | nindent 4 }}
     8  rules:
     9  {{- if .Values.controller.appprotect.enable }}
    10  - apiGroups: 
    11    - appprotect.f5.com
    12    resources: 
    13    - appolicies
    14    - aplogconfs
    15    - apusersigs
    16    verbs: 
    17    - get 
    18    - watch
    19    - list
    20  {{- end }}
    21  - apiGroups:
    22    - ""
    23    resources:
    24    - services
    25    - endpoints
    26    verbs:
    27    - get
    28    - list
    29    - watch
    30  - apiGroups:
    31    - ""
    32    resources:
    33    - secrets
    34    verbs:
    35    - get
    36    - list
    37    - watch
    38  - apiGroups:
    39    - ""
    40    resources:
    41    - configmaps
    42    verbs:
    43    - get
    44    - list
    45    - watch
    46  {{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
    47    - update
    48    - create
    49  {{- end }}
    50  - apiGroups:
    51    - ""
    52    resources:
    53    - pods
    54    verbs:
    55    - list
    56    - watch
    57  - apiGroups:
    58    - ""
    59    resources:
    60    - events
    61    verbs:
    62    - create
    63    - patch
    64    - list
    65  - apiGroups:
    66    - networking.k8s.io
    67    resources:
    68    - ingresses
    69    verbs:
    70    - get
    71    - list
    72    - watch
    73  - apiGroups:
    74    - networking.k8s.io
    75    resources:
    76    - ingressclasses
    77    verbs:
    78    - get
    79  {{- if .Values.controller.reportIngressStatus.enable }}
    80  - apiGroups:
    81    - networking.k8s.io
    82    resources:
    83    - ingresses/status
    84    verbs:
    85    - update
    86  {{- end }}
    87  {{- if .Values.controller.enableCustomResources }}
    88  - apiGroups:
    89    - k8s.nginx.org
    90    resources:
    91    - virtualservers
    92    - virtualserverroutes
    93    - globalconfigurations
    94    - transportservers
    95    - policies
    96    verbs:
    97    - list
    98    - watch
    99    - get
   100  - apiGroups:
   101    - k8s.nginx.org
   102    resources:
   103    - virtualservers/status
   104    - virtualserverroutes/status
   105    - policies/status
   106    - transportservers/status
   107    verbs:
   108    - update
   109  {{- end }}
   110  {{- if .Values.controller.reportIngressStatus.ingressLink }}
   111  - apiGroups:
   112    - cis.f5.com
   113    resources:
   114    - ingresslinks
   115    verbs:
   116    - list
   117    - watch
   118    - get
   119  {{- end }}
   120  ---
   121  kind: ClusterRoleBinding
   122  apiVersion: rbac.authorization.k8s.io/v1
   123  metadata:
   124    name: {{ include "nginx-ingress.name" . }}
   125    labels:
   126      {{- include "nginx-ingress.labels" . | nindent 4 }}
   127  subjects:
   128  - kind: ServiceAccount
   129    name: {{ include "nginx-ingress.serviceAccountName" . }}
   130    namespace: {{ .Release.Namespace }}
   131  roleRef:
   132    kind: ClusterRole
   133    name: {{ include "nginx-ingress.name" . }}
   134    apiGroup: rbac.authorization.k8s.io
   135  {{- end }}