39 lines
974 B
YAML
39 lines
974 B
YAML
{{- /*
|
|
These are the cluster-wide rbac roles + bindings that will be used by users
|
|
who want to use telepresence once its components have been set
|
|
up in the cluster.
|
|
*/}}
|
|
{{- with .Values.clientRbac }}
|
|
{{- if (and .create (not (or .namespaces (include "traffic-manager.namespaced" $)))) }}
|
|
{{- $roleName := include "telepresence.clientRbacName" $ }}
|
|
|
|
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ $roleName }}
|
|
labels:
|
|
{{- include "telepresence.labels" $ | nindent 4 }}
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["namespaces"]
|
|
verbs: ["get", "list", "watch"]
|
|
{{- include "telepresence.clientRbacInterceptRules" $ }}
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: {{ $roleName }}
|
|
labels:
|
|
{{- include "telepresence.labels" $ | nindent 4 }}
|
|
subjects:
|
|
{{ toYaml .subjects }}
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: {{ $roleName }}
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
{{- end }}
|
|
{{- end }}
|