github.com/sealerio/sealer@v0.11.1-0.20240507115618-f4f89c5853ae/build/kubefile/parser/test/brigade-github-app/templates/gateway-role.yaml (about)

     1  # Copyright © 2022 Alibaba Group Holding Ltd.
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #     http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  --- {{ $fname := include "gateway.fullname" . }}
    16  {{ $serviceAccount := default $fname .Values.serviceAccount.name }}
    17  {{ if .Values.serviceAccount.create }}
    18  apiVersion: v1
    19  kind: ServiceAccount
    20  metadata:
    21    name: {{ $serviceAccount }}
    22    labels:
    23      app: {{ template "gateway.fullname" . }}
    24      chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    25      release: "{{ .Release.Name }}"
    26      heritage: "{{ .Release.Service }}"
    27  {{ end }}
    28  {{ if .Values.rbac.enabled }}
    29  ---
    30  kind: Role
    31  apiVersion: {{ template "gateway.rbac.version" }}
    32  metadata:
    33    name: {{ $fname }}
    34    labels:
    35      app: {{ template "gateway.fullname" . }}
    36      chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    37      release: "{{ .Release.Name }}"
    38      heritage: "{{ .Release.Service }}"
    39  rules:
    40  - apiGroups: [""]
    41    resources: ["secrets", "pods"]
    42    verbs: ["list", "watch", "get", "create"]
    43  - apiGroups: [""]
    44    resources: ["*"]
    45    verbs: ["list", "watch"]
    46  ---
    47  kind: RoleBinding
    48  apiVersion: {{ template "gateway.rbac.version" }}
    49  metadata:
    50    name: {{ $fname }}
    51    labels:
    52      app: {{ template "gateway.fullname" . }}
    53      chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    54      release: "{{ .Release.Name }}"
    55      heritage: "{{ .Release.Service }}"
    56  subjects:
    57  - kind: ServiceAccount
    58    name: {{ $fname }}
    59  roleRef:
    60    kind: Role
    61    name: {{ $fname }}
    62    apiGroup: rbac.authorization.k8s.io
    63  {{ end }}