...

Text file src/github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates/psp.yaml

Documentation: github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates

     1{{ if .Values.enablePSP -}}
     2---
     3apiVersion: rbac.authorization.k8s.io/v1
     4kind: Role
     5metadata:
     6  name: psp
     7  namespace: {{ .Release.Namespace }}
     8  labels:
     9    linkerd.io/extension: multicluster
    10    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    11rules:
    12- apiGroups: ['policy', 'extensions']
    13  resources: ['podsecuritypolicies']
    14  verbs: ['use']
    15  resourceNames:
    16  - linkerd-{{.Values.linkerdNamespace}}-control-plane
    17---
    18apiVersion: rbac.authorization.k8s.io/v1
    19kind: RoleBinding
    20metadata:
    21  name: linkerd-multicluster-psp
    22  namespace: {{ .Release.Namespace }}
    23  labels:
    24    linkerd.io/extension: multicluster
    25    namespace: {{.Release.Namespace}}
    26    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    27roleRef:
    28  kind: Role
    29  name: psp
    30  apiGroup: rbac.authorization.k8s.io
    31subjects:
    32- kind: ServiceAccount
    33  name: {{.Values.gateway.name}}
    34  namespace: {{.Release.Namespace}}
    35- kind: ServiceAccount
    36  name: namespace-metadata
    37  namespace: {{.Release.Namespace}}
    38{{ end -}}

View as plain text