CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/test/kubernetes/lucee/templates/rbac.yaml
Views: 1904
1
{{- if .Values.serviceAccount.create -}}

2
apiVersion: v1

3
kind: ServiceAccount

4
metadata:

5
  name: {{ include "lucee.serviceAccountName" . }}

6
  labels:

7
    {{- include "lucee.labels" . | nindent 4 }}

8
  {{- with .Values.serviceAccount.annotations }}

9
  annotations:

10
    {{- toYaml . | nindent 4 }}

11
  {{- end }}

12


13
---

14
{{- $allAccess := printf "%s-all-access" (include "lucee.fullname" .) }}

15
{{- $noAccess := printf "%s-no-access" (include "lucee.fullname" .) }}

16
{{- $roleRefName := .Values.privileges.bindClusterRoleOverride | default $noAccess }}

17
{{- if eq $roleRefName $noAccess -}}

18
# Grant the service account no access to Kubernetes

19
apiVersion: rbac.authorization.k8s.io/v1

20
kind: ClusterRole

21
metadata:

22
  name: {{ include "lucee.fullname" . }}-no-access

23
rules: []

24
---

25
{{- else if eq $roleRefName $allAccess -}}

26
# Grant the service account full access to Kubernetes

27
apiVersion: rbac.authorization.k8s.io/v1

28
kind: ClusterRole

29
metadata:

30
  name: {{ include "lucee.fullname" . }}-all-access

31
rules:

32
  - apiGroups: [""] # "" indicates the core API group

33
    resources: ["*"]

34
    verbs: ["*"]

35
---

36
{{- end -}}

37


38
apiVersion: rbac.authorization.k8s.io/v1

39
kind: ClusterRoleBinding

40
metadata:

41
  name: {{ include "lucee.fullname" . }}-role-binding

42
subjects:

43
  - kind: ServiceAccount

44
    name: {{ include "lucee.serviceAccountName" . }}

45
    apiGroup: ""

46
    namespace: {{ .Release.Namespace }}

47
roleRef:

48
  kind: ClusterRole

49
  name: {{ $roleRefName }}

50
  apiGroup: ""

51


52
{{- end }}

53


54