Reloader/deployments/kubernetes/chart/reloader/templates/role.yaml

{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }}
{{- if  (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
apiVersion: rbac.authorization.k8s.io/v1
{{ else }}
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- end }}
kind: Role
metadata:
  annotations:
{{ include "reloader-helm3.annotations" . | indent 4 }}
  labels:
{{ include "reloader-labels.chart" . | indent 4 }}
{{- if .Values.reloader.rbac.labels }}
{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
{{- end }}
{{- if .Values.reloader.matchLabels }}
{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
{{- end }}
  name: {{ template "reloader-fullname" . }}-role
  namespace: {{ .Values.namespace | default .Release.Namespace }}
rules:
  - apiGroups:
      - ""
    resources:
{{- if .Values.reloader.ignoreSecrets }}{{- else }}
      - secrets
{{- end }}
{{- if .Values.reloader.ignoreConfigMaps }}{{- else }}
      - configmaps
{{- end }}
    verbs:
      - list
      - get
      - watch
{{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }}
  - apiGroups:
      - "apps.openshift.io"
      - ""
    resources:
      - deploymentconfigs
    verbs:
      - list
      - get
      - update
      - patch
{{- end }}
{{- if and (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1") (.Values.reloader.isArgoRollouts) }}
  - apiGroups:
      - "argoproj.io"
      - ""
    resources:
      - rollouts
    verbs:
      - list
      - get
      - update
      - patch
{{- end }}
  - apiGroups:
      - "apps"
    resources:
      - deployments
      - daemonsets
      - statefulsets
    verbs:
      - list
      - get
      - update
      - patch
  - apiGroups:
      - "batch"
    resources:
      - cronjobs
    verbs:
      - list
      - get
  - apiGroups:
      - "batch"
    resources:
      - jobs
    verbs:
      - create
      - delete
      - list
      - get
{{- if .Values.reloader.enableHA }}
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - leases
    verbs:
      - create
      - get
      - update
{{- end}}
{{- if .Values.reloader.enableCSIIntegration }}
  - apiGroups:
      - "secrets-store.csi.x-k8s.io"
    resources:
      - secretproviderclasspodstatuses
      - secretproviderclasses
    verbs:
      - list
      - get
      - watch
{{- end}}
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
{{- end }}

---

{{- if .Values.reloader.rbac.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  annotations:
{{ include "reloader-helm3.annotations" . | indent 4 }}
  labels:
{{ include "reloader-labels.chart" . | indent 4 }}
{{- if .Values.reloader.rbac.labels }}
{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
{{- end }}
{{- if .Values.reloader.matchLabels }}
{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
{{- end }}
  name: {{ template "reloader-fullname" . }}-metadata-role
  namespace: {{ .Values.namespace | default .Release.Namespace }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - list
      - get
      - watch
      - create
      - update
{{- end }}