Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/test/kubernetes/lucee/templates/rbac.yaml
Views: 11784
{{- if .Values.serviceAccount.create -}}1apiVersion: v12kind: ServiceAccount3metadata:4name: {{ include "lucee.serviceAccountName" . }}5labels:6{{- include "lucee.labels" . | nindent 4 }}7{{- with .Values.serviceAccount.annotations }}8annotations:9{{- toYaml . | nindent 4 }}10{{- end }}1112---13{{- $allAccess := printf "%s-all-access" (include "lucee.fullname" .) }}14{{- $noAccess := printf "%s-no-access" (include "lucee.fullname" .) }}15{{- $roleRefName := .Values.privileges.bindClusterRoleOverride | default $noAccess }}16{{- if eq $roleRefName $noAccess -}}17# Grant the service account no access to Kubernetes18apiVersion: rbac.authorization.k8s.io/v119kind: ClusterRole20metadata:21name: {{ include "lucee.fullname" . }}-no-access22rules: []23---24{{- else if eq $roleRefName $allAccess -}}25# Grant the service account full access to Kubernetes26apiVersion: rbac.authorization.k8s.io/v127kind: ClusterRole28metadata:29name: {{ include "lucee.fullname" . }}-all-access30rules:31- apiGroups: [""] # "" indicates the core API group32resources: ["*"]33verbs: ["*"]34---35{{- end -}}3637apiVersion: rbac.authorization.k8s.io/v138kind: ClusterRoleBinding39metadata:40name: {{ include "lucee.fullname" . }}-role-binding41subjects:42- kind: ServiceAccount43name: {{ include "lucee.serviceAccountName" . }}44apiGroup: ""45namespace: {{ .Release.Namespace }}46roleRef:47kind: ClusterRole48name: {{ $roleRefName }}49apiGroup: ""5051{{- end }}525354