github.com/spotahome/redis-operator@v1.2.4/charts/redisoperator/templates/service-account.yaml

github.com/spotahome/redis-operator@v1.2.4/charts/redisoperator/templates/service-account.yaml (about)

     1  {{ if .Values.serviceAccount.create }}
     2  {{- $fullName := include "chart.fullname" . -}}
     3  {{- $data := dict "Chart" .Chart "Release" .Release "Values" .Values -}}
     4  apiVersion: v1
     5  kind: ServiceAccount
     6  metadata:
     7    name: {{ $fullName }}
     8    labels:
     9      {{- include "chart.labels" $data | nindent 4 }}
    10  ---
    11  apiVersion: rbac.authorization.k8s.io/v1
    12  kind: ClusterRole
    13  metadata:
    14    name: {{ $fullName }}
    15    labels:
    16      {{- include "chart.labels" $data | nindent 4 }}
    17  rules:
    18    - apiGroups:
    19        - databases.spotahome.com
    20      resources:
    21        - redisfailovers
    22        - redisfailovers/finalizers
    23      verbs:
    24        - create
    25        - delete
    26        - get
    27        - list
    28        - patch
    29        - update
    30        - watch
    31    - apiGroups:
    32        - apiextensions.k8s.io
    33      resources:
    34        - customresourcedefinitions
    35      verbs:
    36        - create
    37        - delete
    38        - get
    39        - list
    40        - patch
    41        - update
    42        - watch
    43    - apiGroups:
    44      - coordination.k8s.io
    45      resources:
    46      - leases
    47      verbs:
    48      - create
    49      - get
    50      - list
    51      - update
    52    - apiGroups:
    53        - ""
    54      resources:
    55        - pods
    56        - services
    57        - endpoints
    58        - events
    59        - configmaps
    60        - persistentvolumeclaims
    61        - persistentvolumeclaims/finalizers
    62      verbs:
    63        - create
    64        - delete
    65        - get
    66        - list
    67        - patch
    68        - update
    69        - watch
    70    - apiGroups:
    71        - ""
    72      resources:
    73        - secrets
    74      verbs:
    75        - "get"
    76    - apiGroups:
    77        - apps
    78      resources:
    79        - deployments
    80        - statefulsets
    81      verbs:
    82        - create
    83        - delete
    84        - get
    85        - list
    86        - patch
    87        - update
    88        - watch
    89    - apiGroups:
    90        - policy
    91      resources:
    92        - poddisruptionbudgets
    93      verbs:
    94        - create
    95        - delete
    96        - get
    97        - list
    98        - patch
    99        - update
   100        - watch
   101  ---
   102  kind: ClusterRoleBinding
   103  apiVersion: rbac.authorization.k8s.io/v1
   104  metadata:
   105    name: {{ $fullName }}
   106  subjects:
   107    - kind: ServiceAccount
   108      name: {{ $fullName }}
   109      namespace: {{ .Release.Namespace }}
   110  roleRef:
   111    apiGroup: rbac.authorization.k8s.io
   112    kind: ClusterRole
   113    name: {{ $fullName }}
   114  {{- end }}