softplayer-helm-lib/charts/workload/templates/rbac/_rbac.yaml

35 lines
846 B
YAML

{{- define "lib.rbac" -}}
{{- range $k, $v := .Values.rbac }}
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $v.role.kind }}
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
rules:
{{ $v.role.rules | toYaml | indent 2}}
{{- if $v.serviceAccount }}
---
apiVersion: v1
kind: ServiceAccount
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
---
kind: {{ $v.binding.kind }}
apiVersion: rbac.authorization.k8s.io/v1
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
subjects:
- kind: ServiceAccount
name: {{ $customName }}
namespace: {{ $.Release.Namespace }}
roleRef:
kind: {{ $v.role.kind }}
name: {{ $customName }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
{{- end -}}