github.com/sealerio/sealer@v0.11.1-0.20240507115618-f4f89c5853ae/build/kubefile/parser/test/brigade-github-app/templates/gateway-role.yaml (about) 1 # Copyright © 2022 Alibaba Group Holding Ltd. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 --- {{ $fname := include "gateway.fullname" . }} 16 {{ $serviceAccount := default $fname .Values.serviceAccount.name }} 17 {{ if .Values.serviceAccount.create }} 18 apiVersion: v1 19 kind: ServiceAccount 20 metadata: 21 name: {{ $serviceAccount }} 22 labels: 23 app: {{ template "gateway.fullname" . }} 24 chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 25 release: "{{ .Release.Name }}" 26 heritage: "{{ .Release.Service }}" 27 {{ end }} 28 {{ if .Values.rbac.enabled }} 29 --- 30 kind: Role 31 apiVersion: {{ template "gateway.rbac.version" }} 32 metadata: 33 name: {{ $fname }} 34 labels: 35 app: {{ template "gateway.fullname" . }} 36 chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 37 release: "{{ .Release.Name }}" 38 heritage: "{{ .Release.Service }}" 39 rules: 40 - apiGroups: [""] 41 resources: ["secrets", "pods"] 42 verbs: ["list", "watch", "get", "create"] 43 - apiGroups: [""] 44 resources: ["*"] 45 verbs: ["list", "watch"] 46 --- 47 kind: RoleBinding 48 apiVersion: {{ template "gateway.rbac.version" }} 49 metadata: 50 name: {{ $fname }} 51 labels: 52 app: {{ template "gateway.fullname" . }} 53 chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 54 release: "{{ .Release.Name }}" 55 heritage: "{{ .Release.Service }}" 56 subjects: 57 - kind: ServiceAccount 58 name: {{ $fname }} 59 roleRef: 60 kind: Role 61 name: {{ $fname }} 62 apiGroup: rbac.authorization.k8s.io 63 {{ end }}