30 lines
843 B
YAML
30 lines
843 B
YAML
{{/*
|
|
Copyright (c) HashiCorp, Inc.
|
|
SPDX-License-Identifier: MPL-2.0
|
|
*/}}
|
|
|
|
{{- template "openbao.injectorEnabled" . -}}
|
|
{{- if .injectorEnabled -}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ template "openbao.fullname" . }}-agent-injector-clusterrole
|
|
labels:
|
|
app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
rules:
|
|
- apiGroups: ["admissionregistration.k8s.io"]
|
|
resources: ["mutatingwebhookconfigurations"]
|
|
verbs:
|
|
- "get"
|
|
- "list"
|
|
- "watch"
|
|
- "patch"
|
|
{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
|
|
- apiGroups: [""]
|
|
resources: ["nodes"]
|
|
verbs:
|
|
- "get"
|
|
{{ end }}
|
|
{{ end }}
|