| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing,
- # software distributed under the License is distributed on an
- # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- # KIND, either express or implied. See the License for the
- # specific language governing permissions and limitations
- # under the License.
- ################################
- ## Airflow Pod Reader Role
- #################################
- {{- if and .Values.rbac.create (or .Values.webserver.allowPodLogReading .Values.triggerer.enabled) }}
- {{- if .Values.multiNamespaceMode }}
- kind: ClusterRole
- {{- else }}
- kind: Role
- {{- end }}
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: {{ .Release.Name }}-pod-log-reader-role
- {{- if not .Values.multiNamespaceMode }}
- namespace: "{{ .Release.Namespace }}"
- {{- end }}
- labels:
- tier: airflow
- release: {{ .Release.Name }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- heritage: {{ .Release.Service }}
- {{- with .Values.labels }}
- {{ toYaml . | indent 4 }}
- {{- end }}
- rules:
- - apiGroups:
- - ""
- resources:
- - "pods"
- verbs:
- - "list"
- - "get"
- - "watch"
- - apiGroups:
- - ""
- resources:
- - "pods/log"
- verbs:
- - "get"
- - "list"
- {{- end }}
|
