1{{ if .Values.enablePSP -}}
2---
3apiVersion: rbac.authorization.k8s.io/v1
4kind: Role
5metadata:
6 name: psp
7 namespace: {{ .Release.Namespace }}
8 labels:
9 linkerd.io/extension: jaeger
10 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
11rules:
12- apiGroups: ['policy', 'extensions']
13 resources: ['podsecuritypolicies']
14 verbs: ['use']
15 resourceNames:
16 - linkerd-{{.Values.linkerdNamespace}}-control-plane
17---
18apiVersion: rbac.authorization.k8s.io/v1
19kind: RoleBinding
20metadata:
21 name: jaeger-psp
22 namespace: {{ .Release.Namespace }}
23 labels:
24 linkerd.io/extension: jaeger
25 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
26roleRef:
27 kind: Role
28 name: psp
29 apiGroup: rbac.authorization.k8s.io
30subjects:
31{{ if .Values.collector.enabled -}}
32- kind: ServiceAccount
33 name: collector
34 namespace: {{.Release.Namespace}}
35{{ end -}}
36- kind: ServiceAccount
37 name: jaeger-injector
38 namespace: {{.Release.Namespace}}
39{{ if .Values.jaeger.enabled -}}
40- kind: ServiceAccount
41 name: jaeger
42 namespace: {{.Release.Namespace}}
43{{ end -}}
44- kind: ServiceAccount
45 name: namespace-metadata
46 namespace: {{.Release.Namespace}}
47{{ end -}}
View as plain text