rancher-charts/charts/pv-resizer/v0.1.0/templates/rbac.yaml

{{ if .Values.rbac.create }}
# This role is used to allow pv-resizer to get namespaces and patch PVCs
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ .Release.Name }}-role
  labels:
    {{- include "pv-resizer.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
  resources: 
    - namespaces
    - pods
    - nodes
    - nodes/proxy
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["get", "list", "patch", "update"]
- apiGroups: ["apps"]
  resources: 
    - deployments
    - deployments/scale
    - statefulsets
    - statefulsets/scale
  verbs: ["get", "list", "patch", "update"]

---
# We bind the role to the pv-resizer ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ .Release.Name }}-binding
  labels:
    {{- include "pv-resizer.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ .Release.Name }}-role
subjects:
- kind: ServiceAccount
  name: {{ include "pv-resizer.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
{{ end }}
Added pvresizer helm chart 3 years ago			`{{ if .Values.rbac.create }}`
			`# This role is used to allow pv-resizer to get namespaces and patch PVCs`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
Change name for ClusterRole and ClusterRoleBinding 3 years ago			`name: {{ .Release.Name }}-role`
Added pvresizer helm chart 3 years ago			`labels:`
			`{{- include "pv-resizer.labels" . \| nindent 4 }}`
			`rules:`
			`- apiGroups: [""]`
Add permission to list nodes do pvresizer account 3 years ago			`resources:`
			`- namespaces`
			`- pods`
			`- nodes`
Add nodes/proxy permission to pvresizer account 3 years ago			`- nodes/proxy`
Add list permission for namespaces 3 years ago			`verbs: ["get", "list"]`
Added pvresizer helm chart 3 years ago			`- apiGroups: [""]`
Fix listing of deps and ssets 3 years ago			`resources: ["persistentvolumeclaims"]`
			`verbs: ["get", "list", "patch", "update"]`
			`- apiGroups: ["apps"]`
Added pvresizer helm chart 3 years ago			`resources:`
			`- deployments`
Add permission to update scale 3 years ago			`- deployments/scale`
Added pvresizer helm chart 3 years ago			`- statefulsets`
Add permission to update scale 3 years ago			`- statefulsets/scale`
Added pvresizer helm chart 3 years ago			`verbs: ["get", "list", "patch", "update"]`

Missing object separtion in yaml file 3 years ago			`---`
Added pvresizer helm chart 3 years ago			`# We bind the role to the pv-resizer ServiceAccount`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
Change name for ClusterRole and ClusterRoleBinding 3 years ago			`name: {{ .Release.Name }}-binding`
Added pvresizer helm chart 3 years ago			`labels:`
			`{{- include "pv-resizer.labels" . \| nindent 4 }}`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
Fix issue with ClusterRoleBinding 3 years ago			`kind: ClusterRole`
Change name for ClusterRole and ClusterRoleBinding 3 years ago			`name: {{ .Release.Name }}-role`
Added pvresizer helm chart 3 years ago			`subjects:`
			`- kind: ServiceAccount`
			`name: {{ include "pv-resizer.serviceAccountName" . }}`
			`namespace: {{ .Release.Namespace }}`
			`{{ end }}`