charts/kubernetes-stateless-chart/templates/serviceaccount/namespace_permissions/role-binding.yaml (38 lines of code) (raw):
{{/*
A role binding grants the permissions defined in a role to a user or set of users. It holds a list of subjects (users,
groups, or service accounts), and a reference to the role being granted. A RoleBinding grants permissions within a
specific namespace whereas a ClusterRoleBinding grants that access cluster-wide.
A RoleBinding may reference any Role in the same namespace. Alternatively, a RoleBinding can reference a ClusterRole and
bind that ClusterRole to the namespace of the RoleBinding. If you want to bind a ClusterRole to all the namespaces in
your cluster, you use a ClusterRoleBinding.
The name of a RoleBinding or ClusterRoleBinding object must be a valid path segment name.
Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
*/}}
{{- if .Values.include -}}
{{- if .Values.serviceAccount.create -}}
{{- if or .Values.serviceAccount.namespacePermissions .Values.serviceAccount.additionalNamespacePermissions }}
{{- $rules := list -}}
{{- $uniqueRules := concat $rules .Values.serviceAccount.namespacePermissions .Values.serviceAccount.additionalNamespacePermissions | uniq -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "app.serviceAccount.name" . }}
namespace: {{ include "lib.namespace" . }}
labels:
app.kubernetes.io/component: {{ include "lib.componentName" . }}
{{- include "lib.labels" . | nindent 4 }}
{{- include "app.serviceAccount.additionalLabels" . | nindent 4 }}
annotations:
{{- include "lib.annotations" . | nindent 4 }}
{{- include "app.serviceAccount.additionalAnnotations" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app.serviceAccount.name" . }}
namespace: {{ include "lib.namespace" . }}
roleRef:
kind: Role
name: {{ include "app.serviceAccount.name" . }}
apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- end -}}
{{- end -}}