{{- $doesSupportStableIngress := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} {{- if and (.Values.ingress.controller.enabled) ($doesSupportStableIngress) -}} apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: {{ include "azure-api-management-gateway.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "azure-api-management-gateway.labels" . | nindent 4 }} {{- with .Values.ingress.controller.ingressClass.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: controller: {{ .Values.ingress.controller.ingressClass.controller | quote }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "azure-api-management-gateway.fullname" . }}-rbac labels: {{- include "azure-api-management-gateway.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - secrets - namespaces verbs: - get - watch - get - apiGroups: - "" resources: - services verbs: - get - watch - get - apiGroups: - networking.k8s.io resources: - ingresses verbs: - list - watch - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "azure-api-management-gateway.fullname" . }} labels: {{- include "azure-api-management-gateway.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ include "azure-api-management-gateway.fullname" . }}-rbac subjects: - kind: ServiceAccount name: {{ .Values.serviceAccountName }} namespace: {{ .Release.Namespace }} {{- end }}