Diffstat (limited to 'kubernetes/common/serviceAccount/templates/role.yaml')
-rw-r--r--kubernetes/common/serviceAccount/templates/role.yaml93
1 files changed, 6 insertions, 87 deletions
diff --git a/kubernetes/common/serviceAccount/templates/role.yaml b/kubernetes/common/serviceAccount/templates/role.yaml
index d6d041f916..90708854ff 100644
--- a/kubernetes/common/serviceAccount/templates/role.yaml
+++ b/kubernetes/common/serviceAccount/templates/role.yaml
@@ -47,95 +47,14 @@ metadata:
namespace: {{ include "common.namespace" $dot }}
rules:
{{- if eq $role_type "read" }}
-- apiGroups:
- - "" # "" indicates the core API group
- - apps
- - batch
- - extensions
- resources:
- - endpoints
- - services
- - nodes
- - pods
- - deployments
- - deployments/status
- - jobs
- - jobs/status
- - statefulsets
- - replicasets
- - replicasets/status
- - daemonsets
- verbs:
- - get
- - watch
- - list
+{{- with $dot.Values.role.read }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
{{- else }}
{{- if eq $role_type "create" }}
-- apiGroups:
- - "" # "" indicates the core API group
- - apps
- - batch
- - extensions
- resources:
- - pods
- - deployments
- - deployments/status
- - jobs
- - jobs/status
- - statefulsets
- - replicasets
- - replicasets/status
- - daemonsets
- - secrets
- - services
- verbs:
- - get
- - watch
- - list
-- apiGroups:
- - "" # "" indicates the core API group
- - apps
- resources:
- - statefulsets
- - configmaps
- verbs:
- - patch
-- apiGroups:
- - "" # "" indicates the core API group
- - apps
- resources:
- - deployments
- - secrets
- - services
- - pods
- verbs:
- - create
-- apiGroups:
- - "" # "" indicates the core API group
- - apps
- resources:
- - pods
- - persistentvolumeclaims
- - secrets
- - deployments
- - services
- verbs:
- - delete
-- apiGroups:
- - "" # "" indicates the core API group
- - apps
- resources:
- - pods/exec
- verbs:
- - create
- - get
-- apiGroups:
- - cert-manager.io
- resources:
- - certificates
- verbs:
- - create
- - delete
+{{- with $dot.Values.role.create }}
+ {{- toYaml . | nindent 2 }}
+{{- end }}
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
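Review bot: With the rules for the `read` type now copied verbatim from `$dot.Values.role.read`, the template no longer guarantees that a Role labelled read is read-only: any chart or values override can put `create`, `delete` or `*` under that key and it is rendered as given. If the read type is meant to stay limited to get/list/watch, a render-time check placed before the `with` block would keep that invariant, as sketched below. Separately, when `role.read` or `role.create` is unset the `with` block emits nothing and `rules:` renders empty, which fails closed but silently; the defaults presumably live in the chart's values.yaml, which is outside this hunk. The template starts before the hunk and its final `else` branch continues past the last line shown.

```yaml
{{- if eq $role_type "read" }}
{{- range $rule := $dot.Values.role.read }}
{{- range $verb := $rule.verbs }}
{{- if not (has $verb (list "get" "list" "watch")) }}
{{- fail (printf "role.read may only grant get/list/watch, found %q" $verb) }}
{{- end }}
{{- end }}
{{- end }}
{{/* … unchanged: with $dot.Values.role.read / toYaml . | nindent 2 … */}}
```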