--- /dev/null
+{{- if and .Values.alertmanager.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+rules:
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups:
+ - extensions
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ template "prometheus.alertmanager.fullname" . }}
+{{- else }}
+ []
+{{- end }}
+{{- end }}