{{if .Values.remoteMirrorServiceAccount -}} {{- $names := .Values.remoteMirrorServiceAccountName -}} {{- if not (kindIs "slice" .Values.remoteMirrorServiceAccountName) -}} {{- $names = splitList "," .Values.remoteMirrorServiceAccountName -}} {{- end -}} {{- range $names -}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{.}} labels: linkerd.io/extension: multicluster {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} annotations: {{ include "partials.annotations.created-by" $ }} rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["list", "get", "watch"] - apiGroups: ["batch"] resources: ["jobs"] verbs: ["list", "get", "watch"] - apiGroups: [""] resources: ["pods", "endpoints", "services"] verbs: ["list", "get", "watch"] - apiGroups: ["discovery.k8s.io"] resources: ["endpointslices"] verbs: ["list", "get", "watch"] - apiGroups: ["policy.linkerd.io"] resources: ["servers"] verbs: ["list", "get", "watch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] resourceNames: ["linkerd-config"] - apiGroups: [""] resources: ["events"] verbs: ["create", "patch"] --- apiVersion: v1 kind: ServiceAccount metadata: name: {{.}} namespace: {{$.Release.Namespace}} labels: linkerd.io/extension: multicluster {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} annotations: {{ include "partials.annotations.created-by" $ }} {{- include "partials.image-pull-secrets" $.Values.imagePullSecrets }} --- apiVersion: v1 kind: Secret metadata: name: {{.}}-token namespace: {{$.Release.Namespace}} labels: linkerd.io/extension: multicluster {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} annotations: kubernetes.io/service-account.name: {{.}} {{ include "partials.annotations.created-by" $ }} type: kubernetes.io/service-account-token --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{.}} labels: linkerd.io/extension: multicluster {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} annotations: {{ include "partials.annotations.created-by" $ }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{.}} subjects: - kind: ServiceAccount name: {{.}} namespace: {{$.Release.Namespace}} {{end -}} {{end -}}