sigs.k8s.io/external-dns@v0.14.1/charts/external-dns/templates/clusterrole.yaml (about) 1 {{- if .Values.rbac.create -}} 2 apiVersion: rbac.authorization.k8s.io/v1 3 kind: {{ .Values.namespaced | ternary "Role" "ClusterRole" }} 4 metadata: 5 name: {{ template "external-dns.fullname" . }} 6 labels: 7 {{- include "external-dns.labels" . | nindent 4 }} 8 rules: 9 {{- if and (not .Values.namespaced) (or (has "node" .Values.sources) (has "pod" .Values.sources) (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources)) }} 10 - apiGroups: [""] 11 resources: ["nodes"] 12 verbs: ["list","watch"] 13 {{- end }} 14 {{- if or (has "pod" .Values.sources) (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }} 15 - apiGroups: [""] 16 resources: ["pods"] 17 verbs: ["get","watch","list"] 18 {{- end }} 19 {{- if or (has "service" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "gloo-proxy" .Values.sources) (has "istio-gateway" .Values.sources) (has "istio-virtualservice" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }} 20 - apiGroups: [""] 21 resources: ["services","endpoints"] 22 verbs: ["get","watch","list"] 23 {{- end }} 24 {{- if or (has "ingress" .Values.sources) (has "contour-httpproxy" .Values.sources) (has "openshift-route" .Values.sources) (has "skipper-routegroup" .Values.sources) }} 25 - apiGroups: ["extensions","networking.k8s.io"] 26 resources: ["ingresses"] 27 verbs: ["get","watch","list"] 28 {{- end }} 29 {{- if or (has "istio-gateway" .Values.sources) (has "istio-virtualservice" .Values.sources) }} 30 - apiGroups: ["networking.istio.io"] 31 resources: ["gateways"] 32 verbs: ["get","watch","list"] 33 {{- end }} 34 35 {{- if has "istio-virtualservice" .Values.sources }} 36 - apiGroups: ["networking.istio.io"] 37 resources: ["virtualservices"] 38 verbs: ["get","watch","list"] 39 {{- end }} 40 {{- if has "ambassador-host" .Values.sources }} 41 - apiGroups: ["getambassador.io"] 42 resources: ["hosts","ingresses"] 43 verbs: ["get","watch","list"] 44 {{- end }} 45 {{- if has "contour-httpproxy" .Values.sources }} 46 - apiGroups: ["projectcontour.io"] 47 resources: ["httpproxies"] 48 verbs: ["get","watch","list"] 49 {{- end }} 50 {{- if has "crd" .Values.sources }} 51 - apiGroups: ["externaldns.k8s.io"] 52 resources: ["dnsendpoints"] 53 verbs: ["get","watch","list"] 54 - apiGroups: ["externaldns.k8s.io"] 55 resources: ["dnsendpoints/status"] 56 verbs: ["*"] 57 {{- end }} 58 {{- if or (has "gateway-httproute" .Values.sources) (has "gateway-grpcroute" .Values.sources) (has "gateway-tlsroute" .Values.sources) (has "gateway-tcproute" .Values.sources) (has "gateway-udproute" .Values.sources) }} 59 - apiGroups: ["gateway.networking.k8s.io"] 60 resources: ["gateways"] 61 verbs: ["get","watch","list"] 62 - apiGroups: [""] 63 resources: ["namespaces"] 64 verbs: ["get","watch","list"] 65 {{- end }} 66 {{- if has "gateway-httproute" .Values.sources }} 67 - apiGroups: ["gateway.networking.k8s.io"] 68 resources: ["httproutes"] 69 verbs: ["get","watch","list"] 70 {{- end }} 71 {{- if has "gateway-grpcroute" .Values.sources }} 72 - apiGroups: ["gateway.networking.k8s.io"] 73 resources: ["grpcroutes"] 74 verbs: ["get","watch","list"] 75 {{- end }} 76 {{- if has "gateway-tlsroute" .Values.sources }} 77 - apiGroups: ["gateway.networking.k8s.io"] 78 resources: ["tlsroutes"] 79 verbs: ["get","watch","list"] 80 {{- end }} 81 {{- if has "gateway-tcproute" .Values.sources }} 82 - apiGroups: ["gateway.networking.k8s.io"] 83 resources: ["tcproutes"] 84 verbs: ["get","watch","list"] 85 {{- end }} 86 {{- if has "gateway-udproute" .Values.sources }} 87 - apiGroups: ["gateway.networking.k8s.io"] 88 resources: ["udproutes"] 89 verbs: ["get","watch","list"] 90 {{- end }} 91 {{- if has "gloo-proxy" .Values.sources }} 92 - apiGroups: ["gloo.solo.io","gateway.solo.io"] 93 resources: ["proxies","virtualservices"] 94 verbs: ["get","watch","list"] 95 {{- end }} 96 {{- if has "kong-tcpingress" .Values.sources }} 97 - apiGroups: ["configuration.konghq.com"] 98 resources: ["tcpingresses"] 99 verbs: ["get","watch","list"] 100 {{- end }} 101 {{- if has "traefik-proxy" .Values.sources }} 102 - apiGroups: ["traefik.containo.us", "traefik.io"] 103 resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"] 104 verbs: ["get","watch","list"] 105 {{- end }} 106 {{- if has "openshift-route" .Values.sources }} 107 - apiGroups: ["route.openshift.io"] 108 resources: ["routes"] 109 verbs: ["get","watch","list"] 110 {{- end }} 111 {{- if has "skipper-routegroup" .Values.sources }} 112 - apiGroups: ["zalando.org"] 113 resources: ["routegroups"] 114 verbs: ["get","watch","list"] 115 - apiGroups: ["zalando.org"] 116 resources: ["routegroups/status"] 117 verbs: ["patch","update"] 118 {{- end }} 119 {{- if has "f5-virtualserver" .Values.sources }} 120 - apiGroups: ["cis.f5.com"] 121 resources: ["virtualservers"] 122 verbs: ["get","watch","list"] 123 {{- end }} 124 {{- with .Values.rbac.additionalPermissions }} 125 {{- toYaml . | nindent 2 }} 126 {{- end }} 127 {{- end }}