apache/pulsar-helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
pulsar-helm-chart/charts/pulsar/templates/broker-cluster-role-binding.yaml
ChaoYang 64e67c1a88
update role (#543)
2024-10-29 15:28:47 -07:00

94 lines
2.6 KiB
YAML
Raw Blame History

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
## TODO create our own cluster role with less privledges than admin
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.rbac.limit_to_namespace }}
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-rolebinding"
{{- else}}
kind: ClusterRoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrolebinding"
{{- end}}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.rbac.limit_to_namespace }}
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-role"
{{- else}}
kind: ClusterRole
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole"
{{- end}}
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.rbac.limit_to_namespace }}
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-role"
{{- else}}
kind: ClusterRole
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole"
{{- end}}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- pods
- services
- secrets
verbs:
- list
- watch
- get
- update
- create
- delete
- patch
- apiGroups: ["apps"]
resources:
- deployments
- statefulsets
verbs:
- list
- watch
- get
- update
- create
- delete
- patch
---
{{- end }}
Reference in New Issue View Git Blame Copy Permalink