github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/keycloak/templates/serviceaccount.yaml (about)

     1  {{- if .Values.serviceAccount.create -}}
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    name: {{ include "keycloak.serviceAccountName" . }}
     6    namespace: {{ .Release.Namespace }}
     7    {{- with .Values.serviceAccount.annotations }}
     8    annotations:
     9      {{- range $key, $value := . }}
    10      {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
    11      {{- end }}
    12    {{- end }}
    13    labels:
    14      {{- include "keycloak.labels" . | nindent 4 }}
    15      {{- range $key, $value := .Values.serviceAccount.labels }}
    16      {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
    17      {{- end }}
    18  imagePullSecrets:
    19    {{- toYaml .Values.serviceAccount.imagePullSecrets | nindent 4 }}
    20  automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
    21  
    22  ---
    23  
    24    {{- if .Values.serviceAccount.allowReadPods -}}
    25  kind: ClusterRole
    26  apiVersion: rbac.authorization.k8s.io/v1
    27  metadata:
    28    name: jgroups-kubeping-pod-reader-{{ .Release.Namespace }}
    29  rules:
    30    - apiGroups: [""]
    31      resources: ["pods"]
    32      verbs: ["get", "list"]
    33  ---
    34  apiVersion: rbac.authorization.k8s.io/v1
    35  kind: ClusterRoleBinding
    36  metadata:
    37    name: jgroups-kubeping-api-access-{{ .Release.Namespace }}
    38  roleRef:
    39    apiGroup: rbac.authorization.k8s.io
    40    kind: ClusterRole
    41    name: jgroups-kubeping-pod-reader-{{ .Release.Namespace }}
    42  subjects:
    43    - kind: ServiceAccount
    44      name: {{ include "keycloak.serviceAccountName" . }}
    45      namespace: {{ .Release.Namespace }}
    46    {{- end }}
    47  {{- end }}