{{- if .Values.rbac.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app: {{ template "application-gateway-kubernetes-ingress.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "application-gateway-kubernetes-ingress.fullname" . }} rules: - apiGroups: - "" resources: - configmaps - endpoints - pods - secrets - namespaces - services - events - nodes verbs: - get - list - watch - apiGroups: - "appgw.ingress.k8s.io" - "appgw.ingress.azure.io" - "networking.istio.io" - "networking.aks.io" resources: - "*" verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses - ingressclasses verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - networking.aks.io resources: - multiclusteringresses/status verbs: - update - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - "acn.azure.com" resources: - "overlayextensionconfigs" verbs: - "list" - "get" - "watch" - "create" - "update" - "delete" - "patch" - apiGroups: - "acn.azure.com" resources: - "nodenetworkconfigs" verbs: - "list" {{- end -}}