master-group/charts
2
0
Fork 0
mirror of https://github.com/k8s-at-home/charts.git synced 2025-01-24 16:09:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
32c21ea851
charts/provisioner/templates/provisioner-cluster-role-binding.yaml

125 lines
3.5 KiB
YAML
Raw Normal View History

copying submodule charts instead of symlink (#65) * copying submodule charts instead of symlink * fix linting for provisioner chart * fix linting * removing trailing space * linting fixes
2019-08-09 03:48:25 +00:00
{{- if .Values.common.rbac }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: local-storage-provisioner-pv-binding
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.daemonset.serviceAccount }}
namespace: {{ .Values.common.namespace }}
roleRef:
kind: ClusterRole
name: system:persistent-volume-provisioner
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: local-storage-provisioner-node-clusterrole
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: local-storage-provisioner-node-binding
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.daemonset.serviceAccount }}
namespace: {{ .Values.common.namespace }}
roleRef:
kind: ClusterRole
name: local-storage-provisioner-node-clusterrole
apiGroup: rbac.authorization.k8s.io
{{- if .Values.common.useJobForCleaning }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: local-storage-provisioner-jobs-role
namespace: {{ .Values.common.namespace }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
rules:
- apiGroups:
- 'batch'
resources:
- jobs
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: local-storage-provisioner-jobs-rolebinding
namespace: {{ .Values.common.namespace }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.daemonset.serviceAccount }}
namespace: {{ .Values.common.namespace }}
roleRef:
kind: Role
name: local-storage-provisioner-jobs-role
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- if .Values.common.podSecurityPolicy }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: local-storage-provisioner-psp-role
namespace: {{ .Values.common.namespace }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
resourceNames:
- local-storage-provisioner-pod-security-policy
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: local-storage-provisioner-psp-rolebinding
namespace: {{ .Values.common.namespace }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.daemonset.serviceAccount }}
namespace: {{ .Values.common.namespace }}
roleRef:
kind: Role
name: local-storage-provisioner-psp-role
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
Reference in New Issue Copy Permalink