helm/infrastructure/subcharts/kong/templates/controller-cluster-role.yaml

   1 {{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
   2 apiVersion: rbac.authorization.k8s.io/v1beta1
   3 kind: ClusterRole
   4 metadata:
   5   labels:
   6     app: {{ template "kong.name" . }}
   7     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
   8     release: "{{ .Release.Name }}"
   9     heritage: "{{ .Release.Service }}"
  10   name:  {{ template "kong.fullname" . }}
  11 rules:
  12   - apiGroups:
  13       - ""
  14     resources:
  15       - endpoints
  16       - nodes
  17       - pods
  18       - secrets
  19     verbs:
  20       - list
  21       - watch
  22   - apiGroups:
  23       - ""
  24     resources:
  25       - nodes
  26     verbs:
  27       - get
  28   - apiGroups:
  29       - ""
  30     resources:
  31       - services
  32     verbs:
  33       - get
  34       - list
  35       - watch
  36   - apiGroups:
  37       - "networking.k8s.io"
  38     resources:
  39       - ingresses
  40     verbs:
  41       - get
  42       - list
  43       - watch
  44   - apiGroups:
  45       - ""
  46     resources:
  47         - events
  48     verbs:
  49         - create
  50         - patch
  51   - apiGroups:
  52       - "networking.k8s.io"
  53     resources:
  54       - ingresses/status
  55     verbs:
  56       - update
  57   - apiGroups:
  58       - "configuration.konghq.com"
  59     resources:
  60       - kongplugins
  61       - kongcredentials
  62       - kongconsumers
  63       - kongingresses
  64     verbs:
  65       - get
  66       - list
  67       - watch
  68   - apiGroups:
  69       - "networking.k8s.io"
  70     resources:
  71       - ingresses
  72     verbs:
  73       - get
  74       - list
  75       - watch
  76 {{- end -}}