43 lines
1019 B
YAML
43 lines
1019 B
YAML
{{- if .Values.rbac.create -}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ include "fluent-bit.fullname" . }}
|
|
labels:
|
|
{{- include "fluent-bit.labels" . | nindent 4 }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
- pods
|
|
{{- if .Values.rbac.nodeAccess }}
|
|
- nodes
|
|
- nodes/proxy
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- if and .Values.podSecurityPolicy.create (semverCompare "<=1.25-0" .Capabilities.KubeVersion.GitVersion) }}
|
|
- apiGroups:
|
|
- policy
|
|
resources:
|
|
- podsecuritypolicies
|
|
resourceNames:
|
|
- {{ include "fluent-bit.fullname" . }}
|
|
verbs:
|
|
- use
|
|
{{- end }}
|
|
{{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }}
|
|
- apiGroups:
|
|
- security.openshift.io
|
|
resources:
|
|
- securitycontextconstraints
|
|
resourceNames:
|
|
- {{ include "fluent-bit.fullname" . }}
|
|
verbs:
|
|
- use
|
|
{{- end }}
|
|
{{- end -}}
|