{{- $functionNs := default .Release.Namespace .Values.functionNamespace }} {{- if .Values.operator.create }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Release.Name }}-operator namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: openfaas-operator heritage: {{ .Release.Service }} release: {{ .Release.Name }} {{- if .Values.rbac }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Release.Name }}-operator-rw namespace: {{ $functionNs | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: openfaas-operator heritage: {{ .Release.Service }} release: {{ .Release.Name }} rules: - apiGroups: ["openfaas.com"] resources: ["functions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["services"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: ["apps", "extensions"] resources: ["deployments"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["pods", "pods/log", "namespaces", "endpoints"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-operator-rw namespace: {{ $functionNs | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: openfaas-operator heritage: {{ .Release.Service }} release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ .Release.Name }}-operator-rw subjects: - kind: ServiceAccount name: {{ .Release.Name }}-operator namespace: {{ .Release.Namespace | quote }} {{- if .Values.clusterRole}} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: {{ .Release.Name }}-operator-controller namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: openaas-operator heritage: {{ .Release.Service }} release: {{ .Release.Name }} rules: - apiGroups: ["openfaas.com"] resources: ["functions"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: ["openfaas.com"] resources: ["profiles"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["services"] verbs: ["get", "list", "watch", "create", "delete", "update"] - apiGroups: ["extensions", "apps"] resources: ["deployments"] verbs: ["get", "list", "watch", "create", "delete", "update"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["pods", "pods/log", "namespaces", "endpoints"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ .Release.Name }}-operator-controller namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: openfaas-operator heritage: {{ .Release.Service }} release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ .Release.Name }}-operator-controller subjects: - kind: ServiceAccount name: {{ .Release.Name }}-operator namespace: {{ .Release.Namespace | quote }} {{- end }} {{- end }} {{- end }}