github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/query-frontend/psp-clusterrole.yaml (about)

     1  {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) }}
     2  {{- if and $pspAvailable .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create }}
     3  apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
     4  kind: ClusterRole
     5  metadata:
     6    name: {{ include "common.names.fullname" . }}-query-frontend
     7    namespace: {{ .Release.Namespace | quote }}
     8    labels: {{- include "common.labels.standard" . | nindent 4 }}
     9      app.kubernetes.io/component: query-frontend
    10      {{- if .Values.commonLabels }}
    11      {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    12      {{- end }}
    13    {{- if .Values.commonAnnotations }}
    14    annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    15    {{- end }}
    16  rules:
    17    - apiGroups: ['policy']
    18      resources: ['podsecuritypolicies']
    19      verbs:     ['use']
    20      resourceNames:
    21        - {{ include "common.names.fullname" . }}-query-frontend
    22    {{- if .Values.queryFrontend.rbac.rules }}
    23    {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.rbac.rules "context" $ ) | nindent 2 }}
    24    {{- end }}
    25  {{- end }}