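{{ if .Values.enablePSP -}}
---
# Role that lets subjects in the release namespace "use" one named
# PodSecurityPolicy. Both objects in this file are rendered only when
# .Values.enablePSP is set.
# PodSecurityPolicy was removed in Kubernetes 1.25. On newer clusters this rule
# matches no served resource, so pod hardening has to come from Pod Security
# Admission or another admission policy instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: psp
  # Quoted so an all-digit or boolean-looking namespace stays a string.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    linkerd.io/extension: multicluster
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
rules:
# 'extensions' is listed next to 'policy' because clusters older than 1.16
# also served PodSecurityPolicy from that API group.
- apiGroups: ['policy', 'extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  # resourceNames keeps the grant to a single policy; without it, 'use' would
  # apply to every PodSecurityPolicy in the cluster, including permissive ones.
  # The policy object is not defined in this template; confirm this name
  # matches the one installed by the control-plane chart.
  resourceNames:
  - linkerd-{{.Values.linkerdNamespace}}-control-plane
---
# RoleBinding that attaches the 'psp' Role above to the two service accounts
# listed under subjects, both in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: linkerd-multicluster-psp
  namespace: {{ .Release.Namespace | quote }}
  labels:
    linkerd.io/extension: multicluster
    # NOTE(review): read as a label literally named 'namespace', since it sits
    # between two label entries; the listing lost its indentation, so confirm
    # against the chart. Label values must be strings, hence the quoting.
    namespace: {{ .Release.Namespace | quote }}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
roleRef:
  # roleRef cannot be edited after creation; changing the referenced Role
  # means deleting and recreating the binding.
  kind: Role
  name: psp
  apiGroup: rbac.authorization.k8s.io
subjects:
# The gateway's service account; its name comes from chart values, so review
# overrides of gateway.name together with this binding.
- kind: ServiceAccount
  name: {{ .Values.gateway.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
- kind: ServiceAccount
  name: namespace-metadata
  namespace: {{ .Release.Namespace | quote }}
{{ end -}}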