istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/ztunnel/templates/rbac.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/ztunnel/templates/rbac.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3    {{- with .Values.imagePullSecrets }}
     4  imagePullSecrets:
     5    {{- range . }}
     6    - name: {{ . }}
     7    {{- end }}
     8    {{- end }}
     9  metadata:
    10    name: ztunnel
    11    namespace: {{ .Release.Namespace }}
    12    labels:
    13      {{- .Values.labels | toYaml | nindent 4}}
    14    annotations:
    15      {{- .Values.annotations | toYaml | nindent 4 }}
    16  ---
    17  {{- if (eq .Values.platform "openshift") }}
    18  apiVersion: rbac.authorization.k8s.io/v1
    19  kind: ClusterRole
    20  metadata:
    21    name: ztunnel
    22    labels:
    23      app: ztunnel
    24      release: {{ .Release.Name }}
    25      istio.io/rev: {{ .Values.revision | default "default" }}
    26      install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
    27  rules:
    28  - apiGroups: ["security.openshift.io"]
    29    resources: ["securitycontextconstraints"]
    30    resourceNames: ["privileged"]
    31    verbs: ["use"]
    32  ---
    33  apiVersion: rbac.authorization.k8s.io/v1
    34  kind: ClusterRoleBinding
    35  metadata:
    36    name: ztunnel
    37    labels:
    38      app: ztunnel
    39      release: {{ .Release.Name }}
    40      istio.io/rev: {{ .Values.revision | default "default" }}
    41      install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
    42  roleRef:
    43    apiGroup: rbac.authorization.k8s.io
    44    kind: ClusterRole
    45    name: ztunnel
    46  subjects:
    47  - kind: ServiceAccount
    48    name: ztunnel
    49    namespace: {{ .Release.Namespace }}
    50  {{- end }}
    51  ---