34 lines
672 B
YAML
34 lines
672 B
YAML
{{- if .Values.rbac.create -}}
|
|
{{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ .Release.Name }}
|
|
labels:
|
|
{{- include "teleport-cluster.auth.labels" . | nindent 4 }}
|
|
{{- if $auth.extraLabels.clusterRole }}
|
|
{{- toYaml $auth.extraLabels.clusterRole | nindent 4 }}
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- users
|
|
- groups
|
|
- serviceaccounts
|
|
verbs:
|
|
- impersonate
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- "authorization.k8s.io"
|
|
resources:
|
|
- selfsubjectaccessreviews
|
|
verbs:
|
|
- create
|
|
{{- end -}}
|