deploy/charts/dubbo-admin/templates/admin-role.yaml - dubbo-admin - Git at Google

 {{- if and .Values.rbac.enabled (not .Values.rbac.useExistingRole) -}}
 apiVersion: {{ include "dubbo-admin.rbac.apiVersion" . }}
 kind: Role
 metadata:
   name: {{ include "dubbo-admin.fullname" . }}
   namespace: {{ include "dubbo-admin.namespace" . }}
   labels:
     {{- include "dubbo-admin.labels" . | nindent 4 }}
   {{- with .Values.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- if .Values.rbac.pspEnabled }}
 rules:
   {{- if .Values.rbac.pspEnabled }}
   - apiGroups:
       - extensions
     resources:
       - podsecuritypolicies
     verbs:
       - use
     resourceNames:
       - {{ include "dubbo-admin.fullname" . }}
   {{- end }}
   {{- if .Values.rbac.namespaced }}
   - apiGroups: [""] # "" indicates the core API group
     resources: ["configmaps", "secrets"]
     verbs: ["get", "watch", "list"]
   {{- end }}
   {{- with .Values.rbac.extraRoleRules }}
   {{- toYaml . | nindent 2 }}
   {{- end}}
 {{- else }}
 rules: []
 {{- end }}
 {{- end }}
	{{- if and .Values.rbac.enabled (not .Values.rbac.useExistingRole) -}}
	apiVersion: {{ include "dubbo-admin.rbac.apiVersion" . }}
	kind: Role
	metadata:
	name: {{ include "dubbo-admin.fullname" . }}
	namespace: {{ include "dubbo-admin.namespace" . }}
	labels:
	{{- include "dubbo-admin.labels" . \| nindent 4 }}
	{{- with .Values.annotations }}
	annotations:
	{{- toYaml . \| nindent 4 }}
	{{- end }}
	{{- if .Values.rbac.pspEnabled }}
	rules:
	{{- if .Values.rbac.pspEnabled }}
	- apiGroups:
	- extensions
	resources:
	- podsecuritypolicies
	verbs:
	- use
	resourceNames:
	- {{ include "dubbo-admin.fullname" . }}
	{{- end }}
	{{- if .Values.rbac.namespaced }}
	- apiGroups: [""] # "" indicates the core API group
	resources: ["configmaps", "secrets"]
	verbs: ["get", "watch", "list"]
	{{- end }}
	{{- with .Values.rbac.extraRoleRules }}
	{{- toYaml . \| nindent 2 }}
	{{- end}}
	{{- else }}
	rules: []
	{{- end }}
	{{- end }}