github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/keycloak/templates/serviceaccount.yaml (about) 1 {{- if .Values.serviceAccount.create -}} 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 name: {{ include "keycloak.serviceAccountName" . }} 6 namespace: {{ .Release.Namespace }} 7 {{- with .Values.serviceAccount.annotations }} 8 annotations: 9 {{- range $key, $value := . }} 10 {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} 11 {{- end }} 12 {{- end }} 13 labels: 14 {{- include "keycloak.labels" . | nindent 4 }} 15 {{- range $key, $value := .Values.serviceAccount.labels }} 16 {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} 17 {{- end }} 18 imagePullSecrets: 19 {{- toYaml .Values.serviceAccount.imagePullSecrets | nindent 4 }} 20 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 21 22 --- 23 24 {{- if .Values.serviceAccount.allowReadPods -}} 25 kind: ClusterRole 26 apiVersion: rbac.authorization.k8s.io/v1 27 metadata: 28 name: jgroups-kubeping-pod-reader-{{ .Release.Namespace }} 29 rules: 30 - apiGroups: [""] 31 resources: ["pods"] 32 verbs: ["get", "list"] 33 --- 34 apiVersion: rbac.authorization.k8s.io/v1 35 kind: ClusterRoleBinding 36 metadata: 37 name: jgroups-kubeping-api-access-{{ .Release.Namespace }} 38 roleRef: 39 apiGroup: rbac.authorization.k8s.io 40 kind: ClusterRole 41 name: jgroups-kubeping-pod-reader-{{ .Release.Namespace }} 42 subjects: 43 - kind: ServiceAccount 44 name: {{ include "keycloak.serviceAccountName" . }} 45 namespace: {{ .Release.Namespace }} 46 {{- end }} 47 {{- end }}