bucket-replication/templates/rbac.yaml (71 lines of code) (raw):
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "bucket-replication.fullname" . }}-get-obc
namespace: {{ .Values.configuration.registryName }}
labels:
{{- include "bucket-replication.labels" . | nindent 4 }}
rules:
- verbs:
- get
- list
apiGroups:
- objectbucket.io
resources:
- objectbucketclaims
resourceNames:
{{ include "bucket-replication.objectBucketClaims" . }}
- verbs:
- get
- list
apiGroups:
- ""
resources:
- secrets
resourceNames:
{{ include "bucket-replication.objectBucketClaims" . }}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "bucket-replication.fullname" . }}-get-cos
namespace: openshift-storage
labels:
{{- include "bucket-replication.labels" . | nindent 4 }}
rules:
- verbs:
- get
- list
apiGroups:
- ceph.rook.io
resources:
- cephobjectstores
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "bucket-replication.fullname" . }}-get-obc
namespace: {{ .Values.configuration.registryName }}
subjects:
- kind: ServiceAccount
name: {{ include "bucket-replication.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "bucket-replication.fullname" . }}-get-obc
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "bucket-replication.fullname" . }}-get-cos
namespace: openshift-storage
subjects:
- kind: ServiceAccount
name: {{ include "bucket-replication.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "bucket-replication.fullname" . }}-get-cos