constellation/internal/helm/charts/cilium/templates/spire/server/rolebinding.yaml

{{- if and .Values.authentication.mutual.spire.enabled .Values.authentication.mutual.spire.install.enabled -}}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
  namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
  {{- with .Values.authentication.mutual.spire.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: spire-server
subjects:
- kind: ServiceAccount
  name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
  namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}-pod
  namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
  {{- with .Values.authentication.mutual.spire.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}-pod
subjects:
- kind: ServiceAccount
  name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
  namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
{{- end }}
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork. 2023-10-16 13:14:53 -04:00			`{{- if and .Values.authentication.mutual.spire.enabled .Values.authentication.mutual.spire.install.enabled -}}`
			`kind: RoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}`
			`namespace: {{ .Values.authentication.mutual.spire.install.namespace }}`
			`{{- with .Values.authentication.mutual.spire.annotations }}`
			`annotations:`
			`{{- toYaml . \| nindent 4 }}`
			`{{- end }}`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: spire-server`
			`subjects:`
			`- kind: ServiceAccount`
			`name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}`
			`namespace: {{ .Values.authentication.mutual.spire.install.namespace }}`
			`---`
			`kind: RoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}-pod`
			`namespace: {{ .Values.authentication.mutual.spire.install.namespace }}`
			`{{- with .Values.authentication.mutual.spire.annotations }}`
			`annotations:`
			`{{- toYaml . \| nindent 4 }}`
			`{{- end }}`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}-pod`
			`subjects:`
			`- kind: ServiceAccount`
			`name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}`
			`namespace: {{ .Values.authentication.mutual.spire.install.namespace }}`
			`{{- end }}`