github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/clusterrole.yaml (about) 1 {{- if .Values.rbac.create }} 2 3 {{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}} 4 {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }} 5 {{- end }} 6 7 {{- if not .Values.rbac.scope -}} 8 apiVersion: rbac.authorization.k8s.io/v1 9 kind: ClusterRole 10 metadata: 11 labels: 12 {{- include "ingress-nginx.labels" . | nindent 4 }} 13 {{- with .Values.controller.labels }} 14 {{- toYaml . | nindent 4 }} 15 {{- end }} 16 name: {{ include "ingress-nginx.namespacedfullname" . }} 17 rules: 18 - apiGroups: 19 - "" 20 resources: 21 - configmaps 22 - endpoints 23 - nodes 24 - pods 25 - secrets 26 {{- if not .Values.controller.scope.enabled }} 27 - namespaces 28 {{- end}} 29 verbs: 30 - list 31 - watch 32 - apiGroups: 33 - coordination.k8s.io 34 resources: 35 - leases 36 verbs: 37 - list 38 - watch 39 {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }} 40 - apiGroups: 41 - "" 42 resources: 43 - namespaces 44 resourceNames: 45 - "{{ .Values.controller.scope.namespace }}" 46 verbs: 47 - get 48 {{- end }} 49 - apiGroups: 50 - "" 51 resources: 52 - nodes 53 verbs: 54 - get 55 - apiGroups: 56 - "" 57 resources: 58 - services 59 verbs: 60 - get 61 - list 62 - watch 63 - apiGroups: 64 - networking.k8s.io 65 resources: 66 - ingresses 67 verbs: 68 - get 69 - list 70 - watch 71 - apiGroups: 72 - "" 73 resources: 74 - events 75 verbs: 76 - create 77 - patch 78 - apiGroups: 79 - networking.k8s.io 80 resources: 81 - ingresses/status 82 verbs: 83 - update 84 - apiGroups: 85 - networking.k8s.io 86 resources: 87 - ingressclasses 88 verbs: 89 - get 90 - list 91 - watch 92 - apiGroups: 93 - discovery.k8s.io 94 resources: 95 - endpointslices 96 verbs: 97 - list 98 - watch 99 - get 100 {{- end }} 101 102 {{- end }}