github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/query/psp-clusterrole.yaml (about) 1 {{- $query := (include "thanos.query.values" . | fromYaml) }} 2 {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) }} 3 {{- if and $pspAvailable $query.enabled $query.pspEnabled $query.rbac.create }} 4 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} 5 kind: ClusterRole 6 metadata: 7 name: {{ include "common.names.fullname" . }}-query 8 namespace: {{ .Release.Namespace | quote }} 9 labels: {{- include "common.labels.standard" . | nindent 4 }} 10 app.kubernetes.io/component: query 11 {{- if .Values.commonLabels }} 12 {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 13 {{- end }} 14 {{- if .Values.commonAnnotations }} 15 annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} 16 {{- end }} 17 rules: 18 - apiGroups: ['policy'] 19 resources: ['podsecuritypolicies'] 20 verbs: ['use'] 21 resourceNames: 22 - {{ include "common.names.fullname" . }}-query 23 {{- if .Values.query.rbac.rules }} 24 {{- include "common.tplvalues.render" ( dict "value" .Values.query.rbac.rules "context" $ ) | nindent 2 }} 25 {{- end }} 26 {{- end }}