25 lines
962 B
YAML
25 lines
962 B
YAML
{{- define "role-controller" -}}
|
|
---
|
|
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: tekton-pipelines-controller
|
|
namespace: {{ $.Release.Namespace }}
|
|
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["list", "watch"]
|
|
- # The controller needs access to these configmaps for logging information and runtime configuration.
|
|
apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["get"]
|
|
resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"]
|
|
- apiGroups: ["policy"]
|
|
resources: ["podsecuritypolicies"]
|
|
resourceNames: ["tekton-pipelines"]
|
|
verbs: ["use"]
|
|
...
|
|
{{- end -}}
|
|
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-controller" ) }}
|