netflux-kubernetes/deploy/base/charts/ingress-nginx/templates/clusterrole.yaml

{{- if .Values.rbac.create }}

{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
  {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
{{- end }}

{{- if not .Values.rbac.scope -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.fullname" . }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
{{- if not .Values.controller.scope.enabled }}
      - namespaces
{{- end}}
    verbs:
      - list
      - watch
{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
  - apiGroups:
      - ""
    resources:
      - namespaces
    resourceNames:
      - "{{ .Values.controller.scope.namespace }}"
    verbs:
      - get
{{- end }}
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
{{- end }}

{{- end }}
Inflate ingress-nginx helm chart 2022-05-02 17:36:04 +00:00			`{{- if .Values.rbac.create }}`

			`{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}`
			`{{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}`
			`{{- end }}`

			`{{- if not .Values.rbac.scope -}}`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`labels:`
			`{{- include "ingress-nginx.labels" . \| nindent 4 }}`
			`{{- with .Values.controller.labels }}`
			`{{- toYaml . \| nindent 4 }}`
			`{{- end }}`
			`name: {{ include "ingress-nginx.fullname" . }}`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`- endpoints`
			`- nodes`
			`- pods`
			`- secrets`
			`{{- if not .Values.controller.scope.enabled }}`
			`- namespaces`
			`{{- end}}`
			`verbs:`
			`- list`
			`- watch`
			`{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- namespaces`
			`resourceNames:`
			`- "{{ .Values.controller.scope.namespace }}"`
			`verbs:`
			`- get`
			`{{- end }}`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- nodes`
			`verbs:`
			`- get`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- services`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- networking.k8s.io`
			`resources:`
			`- ingresses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- events`
			`verbs:`
			`- create`
			`- patch`
			`- apiGroups:`
			`- networking.k8s.io`
			`resources:`
			`- ingresses/status`
			`verbs:`
			`- update`
			`- apiGroups:`
			`- networking.k8s.io`
			`resources:`
			`- ingressclasses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`{{- end }}`

			`{{- end }}`