{{- /*
# *****************************************************************************
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# ******************************************************************************
*/ -}}
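{{- if .Release.IsInstall -}}
# Everything up to the closing "end" is rendered only when .Release.IsInstall
# is true, i.e. on the initial install of the release.
# NOTE(review): on upgrade these objects are absent from the rendered
# manifest, so Helm should remove them - confirm that matches the intended
# lifetime of these permissions.
#
# Namespaced Role "<fullname>-config": read/write access to Secrets and
# ConfigMaps in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "step-certificates.fullname" . }}-config
  namespace: {{ .Release.Namespace | quote }}
  labels:
    # Label values must be strings. A bare templated value such as an
    # AppVersion of 1.0 would be parsed as a number and rejected by the API
    # server, so every templated label value is quoted.
    helm.sh/chart: {{ include "step-certificates.chart" . | quote }}
    app.kubernetes.io/name: {{ include "step-certificates.name" . | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
rules:
  # SECURITY: no resourceNames are set, so get/update/patch apply to every
  # Secret and ConfigMap in this namespace, not only the objects this chart
  # owns. "create" cannot be limited by resourceNames, but the other verbs
  # can.
  # NOTE(review): narrow get/update/patch with resourceNames once the exact
  # object names written by the holder of this Role are confirmed.
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs: ["get", "create", "update", "patch"]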
---
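# Binds the namespaced Role "<fullname>-config" to the ServiceAccount of the
# same name in the release namespace.
# NOTE(review): the ServiceAccount itself is not defined in this template;
# it is presumably created elsewhere in the chart - confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "step-certificates.fullname" . }}-config
  namespace: {{ .Release.Namespace | quote }}
  labels:
    # Quoted so that number-like or boolean-like values (for example an
    # AppVersion of 1.0) stay strings, as label values must be.
    helm.sh/chart: {{ include "step-certificates.chart" . | quote }}
    app.kubernetes.io/name: {{ include "step-certificates.name" . | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
subjects:
  # Any pod running as this ServiceAccount receives the bound permissions.
  - kind: ServiceAccount
    name: {{ include "step-certificates.fullname" . }}-config
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  kind: Role
  name: {{ include "step-certificates.fullname" . }}-config
  apiGroup: rbac.authorization.k8s.io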
---
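# Cluster-scoped role "<fullname>-config": read/write access to
# MutatingWebhookConfiguration objects.
# NOTE(review): the name contains no namespace component, so two releases
# with the same full name in different namespaces would share (and
# overwrite) this object - confirm whether that can occur.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "step-certificates.fullname" . }}-config
  labels:
    # Quoted so that number-like or boolean-like values (for example an
    # AppVersion of 1.0) stay strings, as label values must be.
    helm.sh/chart: {{ include "step-certificates.chart" . | quote }}
    app.kubernetes.io/name: {{ include "step-certificates.name" . | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
rules:
  # SECURITY: this is a cluster-wide, high-impact grant. Mutating webhooks
  # sit in the API server admission path, and with no resourceNames the
  # get/update/patch verbs cover every MutatingWebhookConfiguration in the
  # cluster, including ones owned by other components.
  # NOTE(review): restrict get/update/patch with resourceNames to the
  # webhook configuration this chart manages once its name is confirmed,
  # and audit writes to this resource type.
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["mutatingwebhookconfigurations"]
    verbs: ["get", "create", "update", "patch"]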
---
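# Binds the ClusterRole "<fullname>-config" to the ServiceAccount of the
# same name in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped, so metadata carries no namespace;
  # only the subject below is namespaced.
  name: {{ include "step-certificates.fullname" . }}-config
  labels:
    # Quoted so that number-like or boolean-like values (for example an
    # AppVersion of 1.0) stay strings, as label values must be.
    helm.sh/chart: {{ include "step-certificates.chart" . | quote }}
    app.kubernetes.io/name: {{ include "step-certificates.name" . | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
subjects:
  # SECURITY: any pod running as this ServiceAccount receives the
  # cluster-wide permissions of the referenced ClusterRole.
  - kind: ServiceAccount
    name: {{ include "step-certificates.fullname" . }}-config
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  kind: ClusterRole
  name: {{ include "step-certificates.fullname" . }}-config
  apiGroup: rbac.authorization.k8s.io
{{- end -}}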