github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml (about)

     1  {{- if .Values.startupapicheck.enabled }}
     2  {{- if .Values.global.podSecurityPolicy.enabled }}
     3  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
     4  kind: ClusterRole
     5  apiVersion: rbac.authorization.k8s.io/v1
     6  metadata:
     7    name: {{ template "startupapicheck.fullname" . }}-psp
     8    labels:
     9      app: {{ include "startupapicheck.name" . }}
    10      app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
    11      app.kubernetes.io/instance: {{ .Release.Name }}
    12      app.kubernetes.io/component: "startupapicheck"
    13      {{- include "labels" . | nindent 4 }}
    14    {{- with .Values.startupapicheck.rbac.annotations }}
    15    annotations:
    16      {{- toYaml . | nindent 4 }}
    17    {{- end }}
    18  rules:
    19  - apiGroups: ['policy']
    20    resources: ['podsecuritypolicies']
    21    verbs:     ['use']
    22    resourceNames:
    23    - {{ template "startupapicheck.fullname" . }}
    24  {{- end }}
    25  {{- end }}
    26  {{- end }}