github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml (about)

     1  {{- if .Values.cainjector.enabled }}
     2  {{- if .Values.global.podSecurityPolicy.enabled }}
     3  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
     4  kind: ClusterRole
     5  apiVersion: rbac.authorization.k8s.io/v1
     6  metadata:
     7    name: {{ template "cainjector.fullname" . }}-psp
     8    labels:
     9      app: {{ include "cainjector.name" . }}
    10      app.kubernetes.io/name: {{ include "cainjector.name" . }}
    11      app.kubernetes.io/instance: {{ .Release.Name }}
    12      app.kubernetes.io/component: "cainjector"
    13      {{- include "labels" . | nindent 4 }}
    14  rules:
    15  - apiGroups: ['policy']
    16    resources: ['podsecuritypolicies']
    17    verbs:     ['use']
    18    resourceNames:
    19    - {{ template "cainjector.fullname" . }}
    20  {{- end }}
    21  {{- end }}
    22  {{- end }}