| {{- $ingress := .Values.ingress -}} |
| {{- $rbac := .Values.rbac -}} |
| {{- if $ingress.enabled }} |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: {{ template "traefik.name" . }} |
| namespace: {{ template "ingress.namespace" . }} |
| --- |
| apiVersion: {{ include "rbac.apiVersion" . }} |
| kind: ClusterRole |
| metadata: |
| name: {{ include "traefik.name" . }}-clusterrole |
| rules: |
| - apiGroups: |
| - extensions |
| - networking.k8s.io |
| resources: |
| - ingressclasses |
| - ingresses |
| verbs: |
| - get |
| - list |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - services |
| - endpoints |
| - secrets |
| verbs: |
| - get |
| - list |
| - watch |
| - apiGroups: |
| - extensions |
| - networking.k8s.io |
| resources: |
| - ingresses/status |
| verbs: |
| - update |
| - apiGroups: |
| - traefik.io |
| - traefik.containo.us |
| resources: |
| - ingressroutes |
| - ingressroutetcps |
| - ingressrouteudps |
| - middlewares |
| - middlewaretcps |
| - tlsoptions |
| - tlsstores |
| - traefikservices |
| - serverstransports |
| verbs: |
| - get |
| - list |
| - watch |
| --- |
| apiVersion: {{ include "rbac.apiVersion" . }} |
| kind: ClusterRoleBinding |
| metadata: |
| name: {{ include "traefik.name" . }}-clusterrolebinding |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: {{ include "traefik.name" . }}-clusterrole |
| subjects: |
| - kind: ServiceAccount |
| name: {{ template "traefik.name" . }} |
| namespace: {{ template "ingress.namespace" . }} |
| {{- end -}} |