github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/controller-role.yaml (about) 1 {{- if .Values.rbac.create -}} 2 apiVersion: rbac.authorization.k8s.io/v1 3 kind: Role 4 metadata: 5 labels: 6 {{- include "ingress-nginx.labels" . | nindent 4 }} 7 app.kubernetes.io/component: controller 8 {{- with .Values.controller.labels }} 9 {{- toYaml . | nindent 4 }} 10 {{- end }} 11 name: {{ include "ingress-nginx.fullname" . }} 12 namespace: {{ .Release.Namespace }} 13 rules: 14 - apiGroups: 15 - "" 16 resources: 17 - namespaces 18 verbs: 19 - get 20 - apiGroups: 21 - "" 22 resources: 23 - configmaps 24 - pods 25 - secrets 26 - endpoints 27 verbs: 28 - get 29 - list 30 - watch 31 - apiGroups: 32 - "" 33 resources: 34 - services 35 verbs: 36 - get 37 - list 38 - watch 39 - apiGroups: 40 - networking.k8s.io 41 resources: 42 - ingresses 43 verbs: 44 - get 45 - list 46 - watch 47 - apiGroups: 48 - networking.k8s.io 49 resources: 50 - ingresses/status 51 verbs: 52 - update 53 - apiGroups: 54 - networking.k8s.io 55 resources: 56 - ingressclasses 57 verbs: 58 - get 59 - list 60 - watch 61 - apiGroups: 62 - coordination.k8s.io 63 resources: 64 - leases 65 resourceNames: 66 - {{ include "ingress-nginx.controller.electionID" . }} 67 verbs: 68 - get 69 - update 70 - apiGroups: 71 - coordination.k8s.io 72 resources: 73 - leases 74 verbs: 75 - create 76 - apiGroups: 77 - "" 78 resources: 79 - events 80 verbs: 81 - create 82 - patch 83 - apiGroups: 84 - discovery.k8s.io 85 resources: 86 - endpointslices 87 verbs: 88 - list 89 - watch 90 - get 91 {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} 92 {{- if .Values.podSecurityPolicy.enabled }} 93 - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}] 94 resources: ['podsecuritypolicies'] 95 verbs: ['use'] 96 {{- with .Values.controller.existingPsp }} 97 resourceNames: [{{ . }}] 98 {{- else }} 99 resourceNames: [{{ include "ingress-nginx.fullname" . }}] 100 {{- end }} 101 {{- end }} 102 {{- end }} 103 {{- end }}