Argo/ingress/traefik/templates/rbac/role.yaml

{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ template "traefik.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ template "traefik.name" . }}
    helm.sh/chart: {{ template "traefik.chart" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - ingressroutes
      - ingressroutetcps
      - ingressrouteudps
      - middlewares
      - middlewaretcps
      - tlsoptions
      - tlsstores
      - traefikservices
      - serverstransports
    verbs:
      - get
      - list
      - watch
{{- if .Values.podSecurityPolicy.enabled }}
  - apiGroups:
      - extensions
    resourceNames:
      - {{ template "traefik.fullname" . }}
    resources:
      - podsecuritypolicies
    verbs:
      - use
{{- end -}}
{{- end -}}
test ingress chart 2022-05-26 14:07:44 +02:00			`{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}`
			`kind: Role`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: {{ template "traefik.fullname" . }}`
			`labels:`
			`app.kubernetes.io/name: {{ template "traefik.name" . }}`
			`helm.sh/chart: {{ template "traefik.chart" . }}`
			`app.kubernetes.io/managed-by: {{ .Release.Service }}`
			`app.kubernetes.io/instance: {{ .Release.Name }}`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- services`
			`- endpoints`
			`- secrets`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- extensions`
			`- networking.k8s.io`
			`resources:`
			`- ingresses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- extensions`
			`- networking.k8s.io`
			`resources:`
			`- ingresses/status`
			`verbs:`
			`- update`
			`- apiGroups:`
			`- traefik.containo.us`
			`resources:`
			`- ingressroutes`
			`- ingressroutetcps`
			`- ingressrouteudps`
			`- middlewares`
			`- middlewaretcps`
			`- tlsoptions`
			`- tlsstores`
			`- traefikservices`
			`- serverstransports`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`{{- if .Values.podSecurityPolicy.enabled }}`
			`- apiGroups:`
			`- extensions`
			`resourceNames:`
			`- {{ template "traefik.fullname" . }}`
			`resources:`
			`- podsecuritypolicies`
			`verbs:`
			`- use`
			`{{- end -}}`
			`{{- end -}}`