{{- if .Values.ingressOperator.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-operator
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "openfaas.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    component: ingress-operator
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}

{{- if .Values.rbac }}    
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-operator-rw
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "openfaas.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    component: ingress-operator
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
rules:
- apiGroups: ["openfaas.com"]
  resources: ["functioningresses"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["extensions", "networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["certmanager.k8s.io"]
  resources: ["certificates"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["pods", "pods/log", "namespaces", "endpoints"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-operator-rw
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ template "openfaas.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    component: ingress-operator
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-operator-rw
subjects:
- kind: ServiceAccount
  name: ingress-operator
  namespace: {{ .Release.Namespace | quote }}
{{- end }}
{{- end }}