weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5a17c58c03
cert-manager/deploy/chart/templates/rbac.yaml
James Munnelly 5a17c58c03 Rearrange Helm charts into deploy/ and test/e2e/charts directories 
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-12-04 16:19:49 +00:00

73 lines
2.4 KiB
YAML
Raw Blame History

{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ template "cert-manager.fullname" . }}
labels:
app: {{ template "cert-manager.name" . }}
chart: {{ template "cert-manager.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups: ["certmanager.k8s.io"]
resources: ["certificates", "issuers", "clusterissuers", "orders", "challenges"]
verbs: ["*"]
- apiGroups: [""]
resources: ["configmaps", "secrets", "events", "services", "pods"]
verbs: ["*"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ template "cert-manager.fullname" . }}
labels:
app: {{ template "cert-manager.name" . }}
chart: {{ template "cert-manager.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "cert-manager.fullname" . }}
subjects:
- name: {{ template "cert-manager.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cert-manager.fullname" . }}-view
labels:
app: {{ template "cert-manager.name" . }}
chart: {{ template "cert-manager.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["certmanager.k8s.io"]
resources: ["certificates", "issuers"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cert-manager.fullname" . }}-edit
labels:
app: {{ template "cert-manager.name" . }}
chart: {{ template "cert-manager.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["certmanager.k8s.io"]
resources: ["certificates", "issuers"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink