manifests/charts/istio-cni/templates/clusterrole.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: istio-cni
   labels:
     app: istio-cni
     release: {{ .Release.Name }}
     istio.io/rev: {{ .Values.revision | default "default" }}
     install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
     operator.istio.io/component: "Cni"
 rules:
 - apiGroups: [""]
   resources:
   - pods
   - nodes
   verbs:
   - get
 ---
 {{- if .Values.cni.repair.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: istio-cni-repair-role
   labels:
     app: istio-cni
     release: {{ .Release.Name }}
     istio.io/rev: {{ .Values.revision | default "default" }}
     install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
     operator.istio.io/component: "Cni"
 rules:
 - apiGroups: [""]
   resources: ["pods"]
   verbs: ["get", "list", "watch", "delete", "patch", "update" ]
 - apiGroups: [""]
   resources: ["events"]
   verbs: ["get", "list", "watch", "delete", "patch", "update", "create" ]
 {{- end }}
 ---
   {{- if .Values.cni.taint.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: istio-cni-taint-role
   labels:
     app: istio-cni
     release: {{ .Release.Name }}
     istio.io/rev: {{ .Values.revision | default "default" }}
     install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
     operator.istio.io/component: "Cni"
 rules:
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["get", "list", "watch", "patch"]
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch", "update", "patch"]
   - apiGroups: [""]
     resources: ["configmaps"]
     verbs: ["get", "list"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "list", "create", "update"]
   {{- end }}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: istio-cni
	labels:
	app: istio-cni
	release: {{ .Release.Name }}
	istio.io/rev: {{ .Values.revision \| default "default" }}
	install.operator.istio.io/owning-resource: {{ .Values.ownerName \| default "unknown" }}
	operator.istio.io/component: "Cni"
	rules:
	- apiGroups: [""]
	resources:
	- pods
	- nodes
	verbs:
	- get
	---
	{{- if .Values.cni.repair.enabled }}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: istio-cni-repair-role
	labels:
	app: istio-cni
	release: {{ .Release.Name }}
	istio.io/rev: {{ .Values.revision \| default "default" }}
	install.operator.istio.io/owning-resource: {{ .Values.ownerName \| default "unknown" }}
	operator.istio.io/component: "Cni"
	rules:
	- apiGroups: [""]
	resources: ["pods"]
	verbs: ["get", "list", "watch", "delete", "patch", "update" ]
	- apiGroups: [""]
	resources: ["events"]
	verbs: ["get", "list", "watch", "delete", "patch", "update", "create" ]
	{{- end }}
	---
	{{- if .Values.cni.taint.enabled }}
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: istio-cni-taint-role
	labels:
	app: istio-cni
	release: {{ .Release.Name }}
	istio.io/rev: {{ .Values.revision \| default "default" }}
	install.operator.istio.io/owning-resource: {{ .Values.ownerName \| default "unknown" }}
	operator.istio.io/component: "Cni"
	rules:
	- apiGroups: [""]
	resources: ["pods"]
	verbs: ["get", "list", "watch", "patch"]
	- apiGroups: [""]
	resources: ["nodes"]
	verbs: ["get", "list", "watch", "update", "patch"]
	- apiGroups: [""]
	resources: ["configmaps"]
	verbs: ["get", "list"]
	- apiGroups: ["coordination.k8s.io"]
	resources: ["leases"]
	verbs: ["get", "list", "create", "update"]
	{{- end }}