--- /dev/null
+{{- if .Values.rbac.create }}
+
+{{- if .Values.ingress.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gloo-role-ingress
+ labels:
+ app: gloo
+ gloo: rbac
+rules:
+- apiGroups: [""]
+ resources: ["pods", "services", "secrets", "endpoints", "configmaps"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "create"]
+- apiGroups: ["gloo.solo.io"]
+ resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices"]
+ verbs: ["*"]
+- apiGroups: ["extensions", ""]
+ resources: ["ingresses"]
+ verbs: ["*"]
+{{- end -}}
+
+{{- end -}}