b6460c4ea3
All checks were successful
Build and Publish TechDocs / build-and-publish (push) Successful in 1m15s
Change-Id: I2e2564a72b6be9af536235fc3795fd788fd9257b
159 lines
2.8 KiB
YAML
159 lines
2.8 KiB
YAML
{{/*
|
|
Copyright 2019 HAProxy Technologies LLC
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if .Values.rbac.create -}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ include "kubernetes-ingress.fullname" . }}
|
|
labels:
|
|
{{- include "kubernetes-ingress.labels" . | nindent 4 }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- endpoints
|
|
- nodes
|
|
- pods
|
|
- services
|
|
- namespaces
|
|
- events
|
|
- serviceaccounts
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- if and (eq .Values.controller.sync.mode "fetch") (eq .Values.controller.sync.fetchParams.source "proxy") }}
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
- pods
|
|
verbs:
|
|
- update
|
|
{{- end }}
|
|
- apiGroups:
|
|
- "extensions"
|
|
- "networking.k8s.io"
|
|
resources:
|
|
- ingresses
|
|
- ingresses/status
|
|
- ingressclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "extensions"
|
|
- "networking.k8s.io"
|
|
resources:
|
|
- ingresses/status
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- discovery.k8s.io
|
|
resources:
|
|
- endpointslices
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- core.haproxy.org
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- apiGroups:
|
|
- ingress.v1.haproxy.org
|
|
- ingress.v1.haproxy.com
|
|
- ingress.v3.haproxy.org
|
|
- ingress.v3.haproxy.com
|
|
resources:
|
|
- "*"
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- apiGroups:
|
|
- "apiextensions.k8s.io"
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
{{- if .Values.controller.kubernetesGateway.enabled }}
|
|
- apiGroups:
|
|
- "gateway.networking.k8s.io"
|
|
resources:
|
|
- referencegrants
|
|
- gateways
|
|
- gatewayclasses
|
|
- tcproutes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "gateway.networking.k8s.io"
|
|
resources:
|
|
- gatewayclasses/status
|
|
- gateways/status
|
|
- tcproutes/status
|
|
verbs:
|
|
- update
|
|
{{- end }}
|
|
- apiGroups:
|
|
- "apps"
|
|
resources:
|
|
- replicasets
|
|
- deployments
|
|
- daemonsets
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- if and (eq .Values.controller.sync.mode "fetch") (eq .Values.controller.sync.fetchParams.source "proxy") }}
|
|
- apiGroups:
|
|
- "coordination.k8s.io"
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- "*"
|
|
{{- end }}
|
|
{{- end -}}
|