1{{ if .Values.enablePSP -}}
2---
3apiVersion: rbac.authorization.k8s.io/v1
4kind: Role
5metadata:
6 name: psp
7 namespace: {{ .Release.Namespace }}
8 labels:
9 linkerd.io/extension: viz
10 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
11rules:
12- apiGroups: ['policy', 'extensions']
13 resources: ['podsecuritypolicies']
14 verbs: ['use']
15 resourceNames:
16 - linkerd-{{.Values.linkerdNamespace}}-control-plane
17---
18apiVersion: rbac.authorization.k8s.io/v1
19kind: RoleBinding
20metadata:
21 name: viz-psp
22 namespace: {{ .Release.Namespace }}
23 labels:
24 linkerd.io/extension: viz
25 namespace: {{.Release.Namespace}}
26 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
27roleRef:
28 kind: Role
29 name: psp
30 apiGroup: rbac.authorization.k8s.io
31subjects:
32- kind: ServiceAccount
33 name: tap
34 namespace: {{.Release.Namespace}}
35- kind: ServiceAccount
36 name: web
37 namespace: {{.Release.Namespace}}
38{{ if .Values.prometheus.enabled -}}
39- kind: ServiceAccount
40 name: prometheus
41 namespace: {{.Release.Namespace}}
42{{ end -}}
43- kind: ServiceAccount
44 name: metrics-api
45 namespace: {{.Release.Namespace}}
46- kind: ServiceAccount
47 name: tap-injector
48 namespace: {{.Release.Namespace}}
49- kind: ServiceAccount
50 name: namespace-metadata
51 namespace: {{.Release.Namespace}}
52{{ end -}}
View as plain text