github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/rancher/templates/post-delete-hook-cluster-role.yaml (about) 1 {{- if .Values.postDelete.enabled }} 2 kind: ClusterRole 3 apiVersion: rbac.authorization.k8s.io/v1 4 metadata: 5 name: {{ template "rancher.fullname" . }}-post-delete 6 labels: {{ include "rancher.labels" . | nindent 4 }} 7 annotations: 8 "helm.sh/hook": post-delete 9 "helm.sh/hook-weight": "1" 10 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed 11 rules: 12 - apiGroups: [ "extensions","apps" ] 13 resources: [ "deployments" ] 14 verbs: [ "get", "list", "delete" ] 15 - apiGroups: [ "batch" ] 16 resources: [ "jobs" ] 17 verbs: [ "get", "list", "watch", "delete", "create" ] 18 - apiGroups: [ "rbac.authorization.k8s.io" ] 19 resources: [ "clusterroles", "clusterrolebindings", "roles", "rolebindings" ] 20 verbs: [ "get", "list", "delete", "create" ] 21 - apiGroups: [ "" ] 22 resources: [ "pods", "secrets", "services", "configmaps" ] 23 verbs: [ "get", "list", "delete" ] 24 - apiGroups: [ "" ] 25 resources: [ "serviceaccounts" ] 26 verbs: [ "get", "list", "delete", "create" ] 27 - apiGroups: [ "networking.k8s.io" ] 28 resources: [ "networkpolicies" ] 29 verbs: [ "get", "list", "delete" ] 30 - apiGroups: [ "admissionregistration.k8s.io" ] 31 resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ] 32 verbs: [ "get", "list", "delete" ] 33 - apiGroups: [ "policy" ] 34 resources: [ "podsecuritypolicies" ] 35 verbs: ["delete", "create" ] 36 {{- if eq (include "rancher.chart_psp_enabled" . ) "true" }} 37 - apiGroups: [ "policy" ] 38 resources: [ "podsecuritypolicies" ] 39 verbs: [ "use"] 40 {{- end }} 41 - apiGroups: [ "networking.k8s.io" ] 42 resources: [ "ingresses" ] 43 verbs: [ "delete" ] 44 - apiGroups: [ "cert-manager.io" ] 45 resources: [ "issuers" ] 46 verbs: [ "delete" ] 47 {{- end }}