github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/controller-role.yaml (about)

     1  {{- if .Values.rbac.create -}}
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  kind: Role
     4  metadata:
     5    labels:
     6      {{- include "ingress-nginx.labels" . | nindent 4 }}
     7      app.kubernetes.io/component: controller
     8      {{- with .Values.controller.labels }}
     9      {{- toYaml . | nindent 4 }}
    10      {{- end }}
    11    name: {{ include "ingress-nginx.fullname" . }}
    12    namespace: {{ .Release.Namespace }}
    13  rules:
    14    - apiGroups:
    15        - ""
    16      resources:
    17        - namespaces
    18      verbs:
    19        - get
    20    - apiGroups:
    21        - ""
    22      resources:
    23        - configmaps
    24        - pods
    25        - secrets
    26        - endpoints
    27      verbs:
    28        - get
    29        - list
    30        - watch
    31    - apiGroups:
    32        - ""
    33      resources:
    34        - services
    35      verbs:
    36        - get
    37        - list
    38        - watch
    39    - apiGroups:
    40        - networking.k8s.io
    41      resources:
    42        - ingresses
    43      verbs:
    44        - get
    45        - list
    46        - watch
    47    - apiGroups:
    48        - networking.k8s.io
    49      resources:
    50        - ingresses/status
    51      verbs:
    52        - update
    53    - apiGroups:
    54        - networking.k8s.io
    55      resources:
    56        - ingressclasses
    57      verbs:
    58        - get
    59        - list
    60        - watch
    61    - apiGroups:
    62        - coordination.k8s.io
    63      resources:
    64        - leases
    65      resourceNames:
    66        - {{ include "ingress-nginx.controller.electionID" . }}
    67      verbs:
    68        - get
    69        - update
    70    - apiGroups:
    71        - coordination.k8s.io
    72      resources:
    73        - leases
    74      verbs:
    75        - create
    76    - apiGroups:
    77        - ""
    78      resources:
    79        - events
    80      verbs:
    81        - create
    82        - patch
    83    - apiGroups:
    84        - discovery.k8s.io
    85      resources:
    86        - endpointslices
    87      verbs:
    88        - list
    89        - watch
    90        - get
    91  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
    92  {{- if .Values.podSecurityPolicy.enabled }}
    93    - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
    94      resources:      ['podsecuritypolicies']
    95      verbs:          ['use']
    96      {{- with .Values.controller.existingPsp }}
    97      resourceNames:  [{{ . }}]
    98      {{- else }}
    99      resourceNames:  [{{ include "ingress-nginx.fullname" . }}]
   100      {{- end }}
   101  {{- end }}
   102  {{- end }}
   103  {{- end }}