charts/apisix-ingress-controller/templates/rbac.yaml (131 lines of code) (raw):

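#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
{{- if .Values.rbac.create }}
# Cluster-wide RBAC for the ingress controller's service account. Rendered
# only when rbac.create is set. Every rule below applies in ALL namespaces
# because it lives in a ClusterRole bound through a ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: "{{ .Release.Name }}-clusterrole"
rules:
  # NOTE(review): wildcard verbs also grant delete and deletecollection on
  # events; confirm which verbs the controller uses and list them explicitly.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - "*"
  # NOTE(review): read access to secrets in every namespace means a
  # compromised controller pod or leaked service-account token exposes all
  # cluster secrets. If the deployment only serves selected namespaces,
  # prefer namespaced Role/RoleBinding objects for this rule.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - pods
      - services
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  # NOTE(review): full control (including delete) over the APISIX custom
  # resources and their status subresources; narrow if the controller only
  # reads the objects and writes status.
  - apiGroups:
      - apisix.apache.org
    resources:
      - apisixroutes
      - apisixroutes/status
      - apisixupstreams
      - apisixupstreams/status
      - apisixtlses
      - apisixtlses/status
      - apisixclusterconfigs
      - apisixclusterconfigs/status
      - apisixconsumers
      - apisixconsumers/status
      - apisixpluginconfigs
      - apisixpluginconfigs/status
      - apisixglobalrules
      - apisixglobalrules/status
    verbs:
      - '*'
  # NOTE(review): presumably for leader election; the wildcard covers leases
  # in every namespace, including those of other components. Confirm and
  # scope to the release namespace with explicit verbs if possible.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - '*'
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - tcproutes
      - udproutes
      - httproutes
      - tlsroutes
      - gateways
      - gatewayclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - tcproutes/status
      - udproutes/status
      - httproutes/status
      - tlsroutes/status
      - gateways/status
      - gatewayclasses/status
    verbs:
      - update
---
# Binds the ClusterRole above to the controller's service account in the
# release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: "{{ .Release.Name }}-clusterrolebinding"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: "{{ .Release.Name }}-clusterrole"
subjects:
  - kind: ServiceAccount
    # Quoted so the rendered value is always a YAML string; the helper that
    # produces the name is defined outside this file.
    name: {{ include "apisix-ingress-controller.serviceAccountName" . | quote }}
    # Quoted because a namespace name may consist only of digits, which an
    # unquoted scalar would render as an integer and the API would reject.
    namespace: {{ .Release.Namespace | quote }}
{{- end }}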