| {{- if .Values.global.configCluster }} |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} |
| labels: |
| app: istiod |
| release: {{ .Release.Name }} |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} |
| subjects: |
| - kind: ServiceAccount |
| name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} |
| namespace: {{ .Values.global.istioNamespace }} |
| --- |
| {{- if not (eq (toString .Values.pilot.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} |
| labels: |
| app: istiod |
| release: {{ .Release.Name }} |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} |
| subjects: |
| - kind: ServiceAccount |
| name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} |
| namespace: {{ .Values.global.istioNamespace }} |
| {{- end }} |
| {{- end }} |