github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/startupapicheck-rbac.yaml (about) 1 {{- if .Values.startupapicheck.enabled }} 2 {{- if .Values.global.rbac.create }} 3 # create certificate role 4 apiVersion: rbac.authorization.k8s.io/v1 5 kind: Role 6 metadata: 7 name: {{ template "startupapicheck.fullname" . }}:create-cert 8 namespace: {{ include "cert-manager.namespace" . }} 9 labels: 10 app: {{ include "startupapicheck.name" . }} 11 app.kubernetes.io/name: {{ include "startupapicheck.name" . }} 12 app.kubernetes.io/instance: {{ .Release.Name }} 13 app.kubernetes.io/component: "startupapicheck" 14 {{- include "labels" . | nindent 4 }} 15 {{- with .Values.startupapicheck.rbac.annotations }} 16 annotations: 17 {{- toYaml . | nindent 4 }} 18 {{- end }} 19 rules: 20 - apiGroups: ["cert-manager.io"] 21 resources: ["certificates"] 22 verbs: ["create"] 23 --- 24 apiVersion: rbac.authorization.k8s.io/v1 25 kind: RoleBinding 26 metadata: 27 name: {{ include "startupapicheck.fullname" . }}:create-cert 28 namespace: {{ include "cert-manager.namespace" . }} 29 labels: 30 app: {{ include "startupapicheck.name" . }} 31 app.kubernetes.io/name: {{ include "startupapicheck.name" . }} 32 app.kubernetes.io/instance: {{ .Release.Name }} 33 app.kubernetes.io/component: "startupapicheck" 34 {{- include "labels" . | nindent 4 }} 35 {{- with .Values.startupapicheck.rbac.annotations }} 36 annotations: 37 {{- toYaml . | nindent 4 }} 38 {{- end }} 39 roleRef: 40 apiGroup: rbac.authorization.k8s.io 41 kind: Role 42 name: {{ template "startupapicheck.fullname" . }}:create-cert 43 subjects: 44 - kind: ServiceAccount 45 name: {{ template "startupapicheck.serviceAccountName" . }} 46 namespace: {{ include "cert-manager.namespace" . }} 47 {{- end }} 48 {{- end }}