istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/gateway/templates/role.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/gateway/templates/role.yaml (about)

     1  {{/*Set up roles for Istio Gateway. Not required for gateway-api*/}}
     2  {{- if .Values.rbac.enabled }}
     3  apiVersion: rbac.authorization.k8s.io/v1
     4  kind: Role
     5  metadata:
     6    name: {{ include "gateway.serviceAccountName" . }}
     7    namespace: {{ .Release.Namespace }}
     8    labels:
     9      {{- include "gateway.labels" . | nindent 4}}
    10    annotations:
    11      {{- .Values.annotations | toYaml | nindent 4 }}
    12  rules:
    13  - apiGroups: [""]
    14    resources: ["secrets"]
    15    verbs: ["get", "watch", "list"]
    16  ---
    17  apiVersion: rbac.authorization.k8s.io/v1
    18  kind: RoleBinding
    19  metadata:
    20    name: {{ include "gateway.serviceAccountName" . }}
    21    namespace: {{ .Release.Namespace }}
    22    labels:
    23      {{- include "gateway.labels" . | nindent 4}}
    24    annotations:
    25      {{- .Values.annotations | toYaml | nindent 4 }}
    26  roleRef:
    27    apiGroup: rbac.authorization.k8s.io
    28    kind: Role
    29    name: {{ include "gateway.serviceAccountName" . }}
    30  subjects:
    31  - kind: ServiceAccount
    32    name: {{ include "gateway.serviceAccountName" . }}
    33  {{- end }}