charts/bitnami/concourse/templates/worker/rolebinding.yaml

{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}

{{- if .Values.worker.enabled }}
{{- if .Values.worker.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
  name: {{ include "concourse.worker.fullname.namespace" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: worker
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "concourse.worker.fullname.namespace" . }}
subjects:
  - kind: ServiceAccount
    name: {{ include "concourse.worker.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
{{- end }}
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) }}
{{- if and $pspAvailable .Values.worker.psp.create }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
  name: {{ printf "%s-psp" (include "concourse.worker.fullname.namespace" .) }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: worker
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ printf "%s-psp" (include "concourse.worker.fullname.namespace" .) }}
subjects:
  - kind: ServiceAccount
    name: {{ include "concourse.worker.serviceAccountName" . }}
    namespace: {{ .Release.Namespace | quote }}
{{- end }}
{{- end }}