pub/gitlab-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1cd91aab5d1fcf8039f3a6f3340bb2a2adde5ba8
gitlab-ci/k8s/gitlab-runner/templates/role.yaml
Vassiliy Yegorov 8b460261db init
2022-09-06 10:22:06 +07:00

33 lines
1.2 KiB
YAML
Raw Blame History

{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if .Values.rbac.clusterWideAccess }}"ClusterRole"{{ else }}"Role"{{ end }}
metadata:
name: {{ include "gitlab-runner.fullname" . }}
labels:
app: {{ include "gitlab-runner.fullname" . }}
chart: {{ include "gitlab-runner.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ if not .Values.rbac.clusterWideAccess -}}
namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
{{- end }}
rules:
{{- if .Values.rbac.podSecurityPolicy.enabled }}
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
{{ toYaml .Values.rbac.podSecurityPolicy.resourceNames | indent 2 }}
{{- end }}
{{- if or (empty .Values.rbac.rules) (or .Values.rbac.resources .Values.rbac.verbs) }}
- apiGroups: [""]
resources: {{ (default (list "*") .Values.rbac.resources | toJson) }}
verbs: {{ (default (list "*") .Values.rbac.verbs | toJson) }}
{{- end -}}
{{ range .Values.rbac.rules }}
- apiGroups: {{ (default (list "") .apiGroups) | toJson }}
resources: {{ (default (list "*") .resources) | toJson }}
verbs: {{ (default (list "*") .verbs) | toJson }}
{{- end }}
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink