+++ /dev/null
-{{- if and .Values.rbac.enabled .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "istio-operator.fullname" . }}-authproxy
- labels:
- app.kubernetes.io/name: {{ include "istio-operator.name" . }}
- helm.sh/chart: {{ include "istio-operator.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: authproxy
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: "{{ include "istio-operator.fullname" . }}-authproxy"
- labels:
- app.kubernetes.io/name: {{ include "istio-operator.name" . }}
- helm.sh/chart: {{ include "istio-operator.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: authproxy
-rules:
-- apiGroups: ["authentication.k8s.io"]
- resources:
- - tokenreviews
- verbs: ["create"]
-- apiGroups: ["authorization.k8s.io"]
- resources:
- - subjectaccessreviews
- verbs: ["create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "{{ include "istio-operator.fullname" . }}-authproxy"
- labels:
- app.kubernetes.io/name: {{ include "istio-operator.name" . }}
- helm.sh/chart: {{ include "istio-operator.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: authproxy
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "{{ include "istio-operator.fullname" . }}-authproxy"
-subjects:
-- kind: ServiceAccount
- name: {{ include "istio-operator.fullname" . }}-authproxy
- namespace: {{ .Release.Namespace }}
-{{- end }}