f9d529ac87
- Changed chart name from api7ee to api7ee-demo-k8s in Chart.yaml
- Renamed helm/api7ee directory to helm/api7ee-demo-k8s
- Updated all references in build.yml workflow
- Updated all references in helm-release.yml workflow
- Updated main README.md with new chart name
- Updated Helm chart README with new chart name
- Verified all old references have been replaced
- Chart packages correctly as api7ee-demo-k8s-{version}.tgz
36 lines
1.0 KiB
YAML
36 lines
1.0 KiB
YAML
{{- if and .Values.api7.enabled .Values.serviceAccount.create }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ include "api7ee.fullname" . }}-adc
|
|
labels:
|
|
{{- include "api7ee.labels" . | nindent 4 }}
|
|
rules:
|
|
# Allow reading secrets (for certificates)
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "list"]
|
|
# Allow reading services and endpoints for service discovery
|
|
- apiGroups: [""]
|
|
resources: ["services", "endpoints"]
|
|
verbs: ["get", "list", "watch"]
|
|
# Allow reading pods for health checks
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: {{ include "api7ee.fullname" . }}-adc
|
|
labels:
|
|
{{- include "api7ee.labels" . | nindent 4 }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: {{ include "api7ee.fullname" . }}-adc
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ include "api7ee.serviceAccountName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }} |