{{- if .Values.global.podSecurityPolicy.enabled -}} kind: Role apiVersion: {{ template "rbac_api_version" . }} metadata: name: {{ template "log-aggregator.fullname" . }}-psp-role labels: app: {{ template "log-aggregator.name" . }} chart: {{ template "log-aggregator.version" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} rules: - apiGroups: - "policy" resources: - "podsecuritypolicies" resourceNames: - {{ .Release.Name }}-psp verbs: - "use" --- kind: RoleBinding apiVersion: {{ template "rbac_api_version" . }} metadata: name: {{ template "log-aggregator.fullname" . }}-psp-rolebinding labels: app: {{ template "log-aggregator.name" . }} chart: {{ template "log-aggregator.version" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} subjects: - kind: ServiceAccount name: {{ template "log-aggregator.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: kind: Role name: {{ template "log-aggregator.fullname" . }}-psp-role apiGroup: rbac.authorization.k8s.io {{- end -}}
