CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/test/kubernetes/lucee/templates/rbac.yaml
Views: 11784
1
{{- if .Values.serviceAccount.create -}}
2
apiVersion: v1
3
kind: ServiceAccount
4
metadata:
5
name: {{ include "lucee.serviceAccountName" . }}
6
labels:
7
{{- include "lucee.labels" . | nindent 4 }}
8
{{- with .Values.serviceAccount.annotations }}
9
annotations:
10
{{- toYaml . | nindent 4 }}
11
{{- end }}
12
13
---
14
{{- $allAccess := printf "%s-all-access" (include "lucee.fullname" .) }}
15
{{- $noAccess := printf "%s-no-access" (include "lucee.fullname" .) }}
16
{{- $roleRefName := .Values.privileges.bindClusterRoleOverride | default $noAccess }}
17
{{- if eq $roleRefName $noAccess -}}
18
# Grant the service account no access to Kubernetes
19
apiVersion: rbac.authorization.k8s.io/v1
20
kind: ClusterRole
21
metadata:
22
name: {{ include "lucee.fullname" . }}-no-access
23
rules: []
24
---
25
{{- else if eq $roleRefName $allAccess -}}
26
# Grant the service account full access to Kubernetes
27
apiVersion: rbac.authorization.k8s.io/v1
28
kind: ClusterRole
29
metadata:
30
name: {{ include "lucee.fullname" . }}-all-access
31
rules:
32
- apiGroups: [""] # "" indicates the core API group
33
resources: ["*"]
34
verbs: ["*"]
35
---
36
{{- end -}}
37
38
apiVersion: rbac.authorization.k8s.io/v1
39
kind: ClusterRoleBinding
40
metadata:
41
name: {{ include "lucee.fullname" . }}-role-binding
42
subjects:
43
- kind: ServiceAccount
44
name: {{ include "lucee.serviceAccountName" . }}
45
apiGroup: ""
46
namespace: {{ .Release.Namespace }}
47
roleRef:
48
kind: ClusterRole
49
name: {{ $roleRefName }}
50
apiGroup: ""
51
52
{{- end }}
53
54