Interlegis Public Rancher Charts for Kubernetes
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

37 lines
966 B

{{ if .Values.rbac.create }}
# This role is used to allow pv-resizer to get namespaces and patch PVCs
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-role
labels:
{{- include "pv-resizer.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
- apiGroups: [""]
resources:
- deployments
- statefulsets
- persistentvolumeclaims
- pods
verbs: ["get", "list", "patch", "update"]
---
# We bind the role to the pv-resizer ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-binding
labels:
{{- include "pv-resizer.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-role
subjects:
- kind: ServiceAccount
name: {{ include "pv-resizer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{ end }}