openstack-helm-addons/keystone-init/templates/keystone-role.yaml

{{- if and (.Values.rbac.create) (not .Values.keystone_init.serviceAccount) }}
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }}
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }}
apiVersion: rbac.authorization.k8s.io/v1alpha1
{{- end }}
kind: Role
metadata:
  name: {{ template "fullname" . }}
  labels:
    app: {{ template "fullname" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    component: "{{ .Values.keystone_init.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "update"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "create"]
{{- end }}