70 lines
1.3 KiB
YAML
70 lines
1.3 KiB
YAML
{{- if .Values.server.enabled }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
{{- if .Values.singleNamespace }}
|
|
kind: Role
|
|
metadata:
|
|
name: {{ .Release.Name }}-{{ .Values.server.name }}-role
|
|
{{ else }}
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-role
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- watch
|
|
- list
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
- pods/exec
|
|
- pods/log
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- delete
|
|
{{- if .Values.controller.persistence }}
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
resourceNames:
|
|
{{- if .Values.controller.persistence.postgresql }}
|
|
- {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
|
|
- {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
|
|
{{- end}}
|
|
{{- if .Values.controller.persistence.mysql }}
|
|
- {{ .Values.controller.persistence.mysql.userNameSecret.name }}
|
|
- {{ .Values.controller.persistence.mysql.passwordSecret.name }}
|
|
{{- end}}
|
|
verbs:
|
|
- get
|
|
{{- end}}
|
|
- apiGroups:
|
|
- argoproj.io
|
|
resources:
|
|
- workflows
|
|
- workflowtemplates
|
|
- cronworkflows
|
|
- clusterworkflowtemplates
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- patch
|
|
- delete
|
|
{{- end }}
|