30 lines
679 B
YAML
30 lines
679 B
YAML
{{- if and (.Values.kyverno.enabled) (.Values.cilium.enabled) }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kyverno:generate-cilium-networkpolicies
|
|
rules:
|
|
- apiGroups:
|
|
- cilium.io
|
|
resources:
|
|
- ciliumnetworkpolicies
|
|
verbs:
|
|
- "*"
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: kyverno:generate-cilium-network-policies
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kyverno:generate-cilium-networkpolicies
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kyverno
|
|
namespace: kyverno
|
|
- kind: ServiceAccount
|
|
name: kyverno-background-controller
|
|
namespace: kyverno
|
|
{{- end }}
|