rbac.yaml 1.96 KB
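{{- /*
RBAC objects for the fluentd ServiceAccount.

Rendered only when .Values.rbac.create is true:
  - ClusterRole + ClusterRoleBinding: cluster-wide read access to pods and
    namespaces.
  - Role + RoleBinding (only when .Values.global.podSecurityPolicy.enabled
    is also true): permission to "use" one named PodSecurityPolicy.

Values taken straight from .Release are piped through "quote": a release or
namespace named e.g. 123 or true would otherwise render as a YAML number or
boolean and be rejected for fields the API expects to be strings.
NOTE(review): the helper-rendered values (app, chart, name) are left unquoted
because their definitions are not visible here; confirm they always render a
plain string.
*/ -}}
{{- if .Values.rbac.create -}}
# Read-only (get/watch/list) access to core-group pods and namespaces in ALL
# namespaces. Pod objects carry their full spec, including literal env values,
# so anything that can use this ServiceAccount's token can read inline
# env-var secrets cluster-wide. Keep the rule list this narrow.
kind: ClusterRole
apiVersion: {{ template "rbac_api_version" . }}
metadata:
  name: {{ template "fluentd.fullname" . }}
  labels:
    app: {{ template "fluentd.name" . }}
    chart: {{ template "fluentd.version" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
rules:
- apiGroups:
  - ""
  resources:
  - "namespaces"
  - "pods"
  verbs:
  - "get"
  - "watch"
  - "list"
---
# Grants the ClusterRole above to the chart's ServiceAccount in the release
# namespace. The binding is cluster-scoped, so the read access is not limited
# to that namespace.
kind: ClusterRoleBinding
apiVersion: {{ template "rbac_api_version" . }}
metadata:
  name: {{ template "fluentd.fullname" . }}
  labels:
    app: {{ template "fluentd.name" . }}
    chart: {{ template "fluentd.version" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
subjects:
- kind: ServiceAccount
  name: {{ template "fluentd.serviceAccountName" . }}
  namespace: {{ .Release.Namespace | quote }}
roleRef:
  kind: ClusterRole
  name: {{ template "fluentd.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
{{- if .Values.global.podSecurityPolicy.enabled }}
---
# Namespaced Role allowing "use" of exactly one PodSecurityPolicy, pinned by
# resourceNames so the ServiceAccount cannot pick a more permissive policy.
# NOTE(review): the policy name is built from the release name, while every
# other object here is named from the fullname helper. The PSP object itself
# is not defined in this template; verify the names match, otherwise this
# grant silently matches nothing.
# PodSecurityPolicy was removed in Kubernetes 1.25; leave this branch disabled
# on clusters at or above that version.
kind: Role
apiVersion: {{ template "rbac_api_version" . }}
metadata:
  name: {{ template "fluentd.fullname" . }}-psp-role
  labels:
    app: {{ template "fluentd.name" . }}
    chart: {{ template "fluentd.version" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
rules:
- apiGroups:
  - "policy"
  resources:
  - "podsecuritypolicies"
  resourceNames:
  - "{{ .Release.Name }}-psp"
  verbs:
  - "use"
---
# Binds the PSP Role to the chart's ServiceAccount. Neither the Role nor this
# binding sets metadata.namespace, so both are created in the namespace the
# release is installed into.
kind: RoleBinding
apiVersion: {{ template "rbac_api_version" . }}
metadata:
  name: {{ template "fluentd.fullname" . }}-psp-rolebinding
  labels:
    app: {{ template "fluentd.name" . }}
    chart: {{ template "fluentd.version" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
subjects:
- kind: ServiceAccount
  name: {{ template "fluentd.serviceAccountName" . }}
  namespace: {{ .Release.Namespace | quote }}
roleRef:
  kind: Role
  name: {{ template "fluentd.fullname" . }}-psp-role
  apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- end -}}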