k8s/check-charts/racnher/templates/post-delete-hook-cluster-role.yaml

48 lines
1.7 KiB
YAML
Raw Normal View History

2023-11-16 19:42:02 +10:00
{{- if .Values.postDelete.enabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "rancher.fullname" . }}-post-delete
labels: {{ include "rancher.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
rules:
- apiGroups: [ "extensions","apps" ]
resources: [ "deployments" ]
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "batch" ]
resources: [ "jobs" ]
verbs: [ "get", "list", "watch", "delete", "create" ]
- apiGroups: [ "rbac.authorization.k8s.io" ]
resources: [ "clusterroles", "clusterrolebindings", "roles", "rolebindings" ]
verbs: [ "get", "list", "delete", "create" ]
- apiGroups: [ "" ]
resources: [ "pods", "secrets", "services", "configmaps" ]
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "" ]
resources: [ "serviceaccounts" ]
verbs: [ "get", "list", "delete", "create" ]
- apiGroups: [ "networking.k8s.io" ]
resources: [ "networkpolicies" ]
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "policy" ]
resources: [ "podsecuritypolicies" ]
verbs: ["delete", "create" ]
{{- if eq (include "rancher.chart_psp_enabled" . ) "true" }}
- apiGroups: [ "policy" ]
resources: [ "podsecuritypolicies" ]
verbs: [ "use"]
{{- end }}
- apiGroups: [ "networking.k8s.io" ]
resources: [ "ingresses" ]
verbs: [ "delete" ]
- apiGroups: [ "cert-manager.io" ]
resources: [ "issuers" ]
verbs: [ "delete" ]
{{- end }}