github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml (about) 1 {{- if .Values.startupapicheck.enabled }} 2 {{- if .Values.global.podSecurityPolicy.enabled }} 3 {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} 4 kind: ClusterRole 5 apiVersion: rbac.authorization.k8s.io/v1 6 metadata: 7 name: {{ template "startupapicheck.fullname" . }}-psp 8 labels: 9 app: {{ include "startupapicheck.name" . }} 10 app.kubernetes.io/name: {{ include "startupapicheck.name" . }} 11 app.kubernetes.io/instance: {{ .Release.Name }} 12 app.kubernetes.io/component: "startupapicheck" 13 {{- include "labels" . | nindent 4 }} 14 {{- with .Values.startupapicheck.rbac.annotations }} 15 annotations: 16 {{- toYaml . | nindent 4 }} 17 {{- end }} 18 rules: 19 - apiGroups: ['policy'] 20 resources: ['podsecuritypolicies'] 21 verbs: ['use'] 22 resourceNames: 23 - {{ template "startupapicheck.fullname" . }} 24 {{- end }} 25 {{- end }} 26 {{- end }}