35 lines
846 B
YAML
35 lines
846 B
YAML
|
{{- define "lib.rbac" -}}
|
||
|
{{- range $k, $v := .Values.rbac }}
|
||
|
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
|
||
|
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: {{ $v.role.kind }}
|
||
|
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||
|
rules:
|
||
|
{{ $v.role.rules | toYaml | indent 2}}
|
||
|
|
||
|
{{- if $v.serviceAccount }}
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||
|
---
|
||
|
kind: {{ $v.binding.kind }}
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
|
||
|
subjects:
|
||
|
|
||
|
- kind: ServiceAccount
|
||
|
name: {{ $customName }}
|
||
|
namespace: {{ $.Release.Namespace }}
|
||
|
roleRef:
|
||
|
kind: {{ $v.role.kind }}
|
||
|
name: {{ $customName }}
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- end -}}
|
||
|
|