github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/dex/templates/rbac.yaml (about)

     1  {{- if .Values.rbac.create }}
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  kind: Role
     4  metadata:
     5    name: {{ include "dex.fullname" . }}
     6    labels:
     7      {{- include "dex.labels" . | nindent 4 }}
     8  rules:
     9    - apiGroups: ["dex.coreos.com"]
    10      resources: ["*"]
    11      verbs: ["*"]
    12  ---
    13  apiVersion: rbac.authorization.k8s.io/v1
    14  kind: RoleBinding
    15  metadata:
    16    name: {{ include "dex.fullname" . }}
    17    labels:
    18      {{- include "dex.labels" . | nindent 4 }}
    19  roleRef:
    20    kind: Role
    21    apiGroup: rbac.authorization.k8s.io
    22    name: {{ include "dex.fullname" . }}  
    23  subjects:
    24  - kind: ServiceAccount
    25    namespace: {{ .Release.Namespace }}
    26    name: {{ include "dex.serviceAccountName" . }}
    27  {{- if .Values.rbac.createClusterScoped }}
    28  ---
    29  apiVersion: rbac.authorization.k8s.io/v1
    30  kind: ClusterRole
    31  metadata:
    32    name: {{ include "dex.fullname" . }}
    33    labels:
    34      {{- include "dex.labels" . | nindent 4 }}
    35  rules:
    36    - apiGroups: ["apiextensions.k8s.io"]
    37      resources: ["customresourcedefinitions"]
    38      verbs: ["list", "create"]
    39  ---
    40  apiVersion: rbac.authorization.k8s.io/v1
    41  kind: ClusterRoleBinding
    42  metadata:
    43    name: {{ include "dex.fullname" . }}-cluster
    44    labels:
    45      {{- include "dex.labels" . | nindent 4 }}
    46  roleRef:
    47    kind: ClusterRole
    48    apiGroup: rbac.authorization.k8s.io
    49    name: {{ include "dex.fullname" . }}
    50  subjects:
    51  - kind: ServiceAccount
    52    namespace: {{ .Release.Namespace }}
    53    name: {{ include "dex.serviceAccountName" . }}
    54  {{- end }}
    55  {{- end }}