mirror of
https://github.com/bitnami/charts.git
synced 2026-03-14 06:47:28 +08:00
aa1de39836
* [bitnami/wavefront] Bump wavefront-proxy version + standardisation Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Regenerate README.md Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Apply suggestions Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Remove unused collector.extraArgs and update README Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Revert major to minor Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <containers@bitnami.com> * Fix config indent Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * [bitnami/wavefront] Update components versions Signed-off-by: Bitnami Containers <containers@bitnami.com> Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> Co-authored-by: Bitnami Containers <containers@bitnami.com>
109 lines
2.5 KiB
YAML
109 lines
2.5 KiB
YAML
{{- if and .Values.rbac.create .Values.collector.enabled }}
|
|
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ printf "%s-collector" (include "common.names.fullname" .) }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
app.kubernetes.io/component: collector
|
|
kubernetes.io/bootstrapping: rbac-defaults
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
annotations:
|
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
|
{{- if .Values.commonAnnotations }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
- namespaces
|
|
- nodes
|
|
- nodes/proxy
|
|
- nodes/stats
|
|
- pods
|
|
- replicationcontrollers
|
|
- secrets
|
|
- services
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- update
|
|
- create
|
|
- list
|
|
- watch
|
|
- nonResourceURLs: ["/metrics"]
|
|
verbs:
|
|
- get
|
|
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
|
|
{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
|
|
- apiGroups:
|
|
- policy
|
|
resourceNames:
|
|
- {{ template "common.names.fullname" . }}
|
|
resources:
|
|
- podsecuritypolicies
|
|
verbs:
|
|
- use
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- create
|
|
{{- end }}
|
|
{{- if .Values.collector.kubernetesState }}
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- daemonsets
|
|
- deployments
|
|
- statefulsets
|
|
- replicasets
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
- cronjobs
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- autoscaling
|
|
resources:
|
|
- horizontalpodautoscalers
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- end }}
|
|
{{- if .Values.tkgi.enabled }}
|
|
- apiGroups:
|
|
- policy
|
|
resources:
|
|
- podsecuritypolicies
|
|
verbs:
|
|
- use
|
|
resourceNames:
|
|
- pks-privileged
|
|
{{- end }}
|
|
{{- if .Values.rbac.rules }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
|
|
{{- end }}
|
|
{{- end }}
|