Code Review / ric-plt / ric-dep.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
J release changes
[ric-plt/ric-dep.git] / helm / infrastructure / subcharts / kong / charts / postgresql / templates / role.yaml
diff --git a/helm/infrastructure/subcharts/kong/charts/postgresql/templates/role.yaml b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/role.yaml
new file mode 100644 (file)
index 0000000..00f9222
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/charts/postgresql/templates/role.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.rbac.create }}
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+# yamllint disable rule:indentation
+rules:
+  {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+  {{- if and $pspAvailable .Values.psp.create }}
+  - apiGroups:
+      - 'policy'
+    resources:
+      - 'podsecuritypolicies'
+    verbs:
+      - 'use'
+    resourceNames:
+      - {{ include "common.names.fullname" . }}
+  {{- end }}
+  {{- if .Values.rbac.rules }}
+  {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+  {{- end }}
+# yamllint enable rule:indentation
+{{- end }}