72 lines
1.2 KiB
YAML
72 lines
1.2 KiB
YAML
{{- if .Values.rbac.create -}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ .Release.Name }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- users
|
|
- groups
|
|
- serviceaccounts
|
|
verbs:
|
|
- impersonate
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- "authorization.k8s.io"
|
|
resources:
|
|
- selfsubjectaccessreviews
|
|
verbs:
|
|
- create
|
|
|
|
{{ if .Values.operator.enabled }}
|
|
- apiGroups:
|
|
- "resources.teleport.dev"
|
|
resources:
|
|
- teleportroles
|
|
- teleportroles/status
|
|
- teleportusers
|
|
- teleportusers/status
|
|
- teleportgithubconnectors
|
|
- teleportgithubconnectors/status
|
|
- teleportoidcconnectors
|
|
- teleportoidcconnectors/status
|
|
- teleportsamlconnectors
|
|
- teleportsamlconnectors/status
|
|
- teleportloginrules
|
|
- teleportloginrules/status
|
|
- teleportprovisiontokens
|
|
- teleportprovisiontokens/status
|
|
- teleportoktaimportrules
|
|
- teleportoktaimportrules/status
|
|
verbs:
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
|
|
- apiGroups:
|
|
- "coordination.k8s.io"
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- create
|
|
- get
|
|
- update
|
|
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
{{- end -}}
|
|
{{- end -}}
|