charts/amazon-network-flow-monitor-agent/templates/serviceAccount.yaml (35 lines of code) (raw):
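# ServiceAccount that serves as the Kubernetes identity of the Amazon
# CloudWatch Network Flow Monitor Agent. The ClusterRoleBinding in this file
# names this account as its only subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  # Piped through quote so a numeric- or boolean-looking override in the
  # chart values still renders as a YAML string instead of being retyped.
  name: {{ .Values.serviceAccount.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "aws-network-flow-monitor-agent.labels" . | nindent 4 }}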
---
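# ClusterRole for the agent: read-only (get/list/watch) access to pods and
# endpointslices in every namespace. No write verbs and no other resources
# are granted here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRole is a cluster-scoped kind, so metadata.namespace is omitted.
  name: {{ .Values.clusterRole.name | quote }}
  labels:
    {{- include "aws-network-flow-monitor-agent.labels" . | nindent 4 }}
rules:
  # One rule per API group, so each resource appears only under the group
  # that serves it. A single rule listing both groups and both resources
  # also matches the non-existent cross combinations, which makes the grant
  # harder to audit.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices"]
    verbs: ["get", "list", "watch"]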
---
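# ClusterRoleBinding that grants the agent's ClusterRole to the agent's
# ServiceAccount. Because this is a cluster-level binding, the role's rules
# apply in every namespace, not only the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is a cluster-scoped kind, so metadata.namespace is
  # omitted; the subject below still carries its own namespace.
  name: {{ .Values.clusterRoleBinding.name | quote }}
  labels:
    {{- include "aws-network-flow-monitor-agent.labels" . | nindent 4 }}
subjects:
  # Single subject: the ServiceAccount rendered from serviceAccount.name in
  # the release namespace.
  - kind: ServiceAccount
    name: {{ .Values.serviceAccount.name | quote }}
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  # NOTE(review): roleRef.name uses the same chart value as the ClusterRole
  # defined in this file, so the binding follows that role's name. roleRef
  # cannot be changed on an existing binding, so renaming the role means
  # recreating the binding.
  kind: ClusterRole
  name: {{ .Values.clusterRole.name | quote }}
  apiGroup: rbac.authorization.k8s.io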