113 lines
2.9 KiB
YAML
113 lines
2.9 KiB
YAML
{{- if .Values.rbac.create }}
|
|
|
|
{{- if .Values.recommender.enabled }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vpa-metrics-reader
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: vpa-metrics-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-recommender
|
|
namespace: {{ .Release.Namespace }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vpa-checkpoint-actor
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: vpa-checkpoint-actor
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-recommender
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
|
|
{{- if .Values.updater.enabled }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vpa-evictionter-binding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: vpa-evictioner
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-updater
|
|
namespace: {{ .Release.Namespace }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vpa-status-reader-binding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: vpa-status-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-updater
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
|
|
{{- if or .Values.recommender.enabled .Values.updater.enabled }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vpa-actor
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: vpa-actor
|
|
subjects:
|
|
{{- if .Values.recommender.enabled }}
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-recommender
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
{{- if .Values.updater.enabled }}
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-updater
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- if coalesce .Values.recommender.enabled .Values.updater.enabled .Values.admissionController.enabled }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: vpa-target-reader-binding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: vpa-target-reader
|
|
subjects:
|
|
{{- if .Values.recommender.enabled }}
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-recommender
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
{{- if .Values.admissionController.enabled}}
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-admission-controller
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
{{- if .Values.updater.enabled }}
|
|
- kind: ServiceAccount
|
|
name: {{ include "vpa.serviceAccountName" . }}-updater
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|