github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml (about)

     1  {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}}
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  kind: ClusterRole
     4  metadata:
     5    name: {{ include "ingress-nginx.fullname" . }}-admission
     6    annotations:
     7      "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
     8      "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
     9    labels:
    10      {{- include "ingress-nginx.labels" . | nindent 4 }}
    11      app.kubernetes.io/component: admission-webhook
    12      {{- with .Values.controller.admissionWebhooks.patch.labels }}
    13      {{- toYaml . | nindent 4 }}
    14      {{- end }}
    15  rules:
    16    - apiGroups:
    17        - admissionregistration.k8s.io
    18      resources:
    19        - validatingwebhookconfigurations
    20      verbs:
    21        - get
    22        - update
    23  {{- if .Values.podSecurityPolicy.enabled }}
    24    - apiGroups: ['extensions']
    25      resources: ['podsecuritypolicies']
    26      verbs:     ['use']
    27      resourceNames:
    28      {{- with .Values.controller.admissionWebhooks.existingPsp }}
    29      - {{ . }}
    30      {{- else }}
    31      - {{ include "ingress-nginx.fullname" . }}-admission
    32      {{- end }}
    33  {{- end }}
    34  {{- end }}