github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/webhook-psp-clusterrole.yaml (about)

     1  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
     2  {{- if .Values.global.podSecurityPolicy.enabled }}
     3  kind: ClusterRole
     4  apiVersion: rbac.authorization.k8s.io/v1
     5  metadata:
     6    name: {{ template "webhook.fullname" . }}-psp
     7    labels:
     8      app: {{ include "webhook.name" . }}
     9      app.kubernetes.io/name: {{ include "webhook.name" . }}
    10      app.kubernetes.io/instance: {{ .Release.Name }}
    11      app.kubernetes.io/component: "webhook"
    12      {{- include "labels" . | nindent 4 }}
    13  rules:
    14  - apiGroups: ['policy']
    15    resources: ['podsecuritypolicies']
    16    verbs:     ['use']
    17    resourceNames:
    18    - {{ template "webhook.fullname" . }}
    19  {{- end }}
    20  {{- end }}