| {{- if .Release.IsInstall -}} |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: Role |
| metadata: |
| name: {{ include "step-certificates.fullname" . }}-config |
| namespace: {{.Release.Namespace}} |
| labels: |
| helm.sh/chart: {{ include "step-certificates.chart" . }} |
| app.kubernetes.io/name: {{ include "step-certificates.name" . }} |
| app.kubernetes.io/instance: {{ .Release.Name }} |
| app.kubernetes.io/managed-by: {{ .Release.Service }} |
| app.kubernetes.io/version: {{ .Chart.AppVersion }} |
| rules: |
| - apiGroups: [""] |
| resources: ["secrets", "configmaps"] |
| verbs: ["get", "create", "update", "patch"] |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: RoleBinding |
| metadata: |
| name: {{ include "step-certificates.fullname" . }}-config |
| namespace: {{.Release.Namespace}} |
| labels: |
| helm.sh/chart: {{ include "step-certificates.chart" . }} |
| app.kubernetes.io/name: {{ include "step-certificates.name" . }} |
| app.kubernetes.io/instance: {{ .Release.Name }} |
| app.kubernetes.io/managed-by: {{ .Release.Service }} |
| app.kubernetes.io/version: {{ .Chart.AppVersion }} |
| subjects: |
| - kind: ServiceAccount |
| name: {{ include "step-certificates.fullname" . }}-config |
| namespace: {{.Release.Namespace}} |
| roleRef: |
| kind: Role |
| name: {{ include "step-certificates.fullname" . }}-config |
| apiGroup: rbac.authorization.k8s.io |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| name: {{ include "step-certificates.fullname" . }}-config |
| labels: |
| helm.sh/chart: {{ include "step-certificates.chart" . }} |
| app.kubernetes.io/name: {{ include "step-certificates.name" . }} |
| app.kubernetes.io/instance: {{ .Release.Name }} |
| app.kubernetes.io/managed-by: {{ .Release.Service }} |
| app.kubernetes.io/version: {{ .Chart.AppVersion }} |
| rules: |
| - apiGroups: ["admissionregistration.k8s.io"] |
| resources: ["mutatingwebhookconfigurations"] |
| verbs: ["get", "create", "update", "patch"] |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| name: {{ include "step-certificates.fullname" . }}-config |
| namespace: {{.Release.Namespace}} |
| labels: |
| helm.sh/chart: {{ include "step-certificates.chart" . }} |
| app.kubernetes.io/name: {{ include "step-certificates.name" . }} |
| app.kubernetes.io/instance: {{ .Release.Name }} |
| app.kubernetes.io/managed-by: {{ .Release.Service }} |
| app.kubernetes.io/version: {{ .Chart.AppVersion }} |
| subjects: |
| - kind: ServiceAccount |
| name: {{ include "step-certificates.fullname" . }}-config |
| namespace: {{.Release.Namespace}} |
| roleRef: |
| kind: ClusterRole |
| name: {{ include "step-certificates.fullname" . }}-config |
| apiGroup: rbac.authorization.k8s.io |
| {{- end -}} |