1 {{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
2 apiVersion: rbac.authorization.k8s.io/v1
5 name: {{ template "kong.fullname" . }}
6 namespace: {{ template "kong.namespace" . }}
8 {{- include "kong.metaLabels" . | nindent 4 }}
24 # Defaults to "<election-id>-<ingress-class>"
25 # Here: "<kong-ingress-controller-leader-nginx>-<nginx>"
26 # This has to be adapted if you change either parameter
27 # when launching the nginx-ingress-controller.
28 - "kong-ingress-controller-leader-{{ .Values.ingressController.ingressClass }}-{{ .Values.ingressController.ingressClass }}"
38 {{- if (semverCompare "< 2.10.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
46 # Begin KIC 2.x leader permissions
75 apiVersion: rbac.authorization.k8s.io/v1
78 name: {{ template "kong.fullname" . }}
79 namespace: {{ template "kong.namespace" . }}
81 {{- include "kong.metaLabels" . | nindent 4 }}
83 apiGroup: rbac.authorization.k8s.io
85 name: {{ template "kong.fullname" . }}
87 - kind: ServiceAccount
88 name: {{ template "kong.serviceAccountName" . }}
89 namespace: {{ template "kong.namespace" . }}
90 {{- if eq (len .Values.ingressController.watchNamespaces) 0 }}
92 apiVersion: rbac.authorization.k8s.io/v1
96 {{- include "kong.metaLabels" . | nindent 4 }}
97 name: {{ template "kong.fullname" . }}
99 {{ include "kong.kubernetesRBACRules" . }}
100 {{ include "kong.kubernetesRBACClusterRules" . }}
102 apiVersion: rbac.authorization.k8s.io/v1
103 kind: ClusterRoleBinding
105 name: {{ template "kong.fullname" . }}
107 {{- include "kong.metaLabels" . | nindent 4 }}
109 apiGroup: rbac.authorization.k8s.io
111 name: {{ template "kong.fullname" . }}
113 - kind: ServiceAccount
114 name: {{ template "kong.serviceAccountName" . }}
115 namespace: {{ template "kong.namespace" . }}
117 {{- range .Values.ingressController.watchNamespaces }}
119 apiVersion: rbac.authorization.k8s.io/v1
123 {{- include "kong.metaLabels" $ | nindent 4 }}
124 name: {{ template "kong.fullname" $ }}-{{ . }}
127 {{ include "kong.kubernetesRBACRules" $ }}
129 apiVersion: rbac.authorization.k8s.io/v1
132 name: {{ template "kong.fullname" $ }}-{{ . }}
134 {{- include "kong.metaLabels" $ | nindent 4 }}
137 apiGroup: rbac.authorization.k8s.io
139 name: {{ template "kong.fullname" $ }}-{{ . }}
141 - kind: ServiceAccount
142 name: {{ template "kong.serviceAccountName" $ }}
143 namespace: {{ template "kong.namespace" $ }}
146 apiVersion: rbac.authorization.k8s.io/v1
150 {{- include "kong.metaLabels" . | nindent 4 }}
151 name: {{ template "kong.fullname" . }}
153 {{ include "kong.kubernetesRBACClusterRules" . }}
155 apiVersion: rbac.authorization.k8s.io/v1
156 kind: ClusterRoleBinding
158 name: {{ template "kong.fullname" . }}
160 {{- include "kong.metaLabels" . | nindent 4 }}
162 apiGroup: rbac.authorization.k8s.io
164 name: {{ template "kong.fullname" . }}
166 - kind: ServiceAccount
167 name: {{ template "kong.serviceAccountName" . }}
168 namespace: {{ template "kong.namespace" . }}