charts/bitnami/metallb/templates/controller/rbac.yaml

{{- if and .Values.rbac.create .Values.controller.rbac.create -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "common.names.fullname" . }}-controller
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
rules:
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - ''
    resources:
      - services/status
    verbs:
      - update
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - policy
    resourceNames:
      - {{ include "common.names.fullname" . }}-controller
    resources:
      - podsecuritypolicies
    verbs:
      - use
---
## Role bindings
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "common.names.fullname" . }}-controller
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
subjects:
  - kind: ServiceAccount
    name: {{ include "metallb.controllerServiceAccountName" . }}
    namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "common.names.fullname" . }}-controller
{{- end -}}