Standard resources cheatsheet
ClusterRole
Basic example
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "template.name" . }}
labels:
{{- include "template.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
- endpoints
- namespaces
- nodes
- pods
- pods/logs
- replicationcontrollers
- serviceaccounts
- services
verbs: &readOnly
- get
- watch
- list
- apiGroups: [""]
resources:
- secrets
verbs: &listOnly
- list
- apiGroups: ["apps"]
resources:
- controllerrevisions
- deployments
- daemonsets
- replicasets
- statefulsets
verbs: *readOnly
- apiGroups: ["autoscaling"]
resources:
- autoscaling
verbs: *readOnly
- apiGroups: ["batch"]
resources:
- cronjobs
- jobs
verbs: *readOnly
- apiGroups: ["networking.k8s.io"]
resources:
- ingresses
verbs: *readOnly
- apiGroups: ["policy"]
resources:
- podsecuritypolicies
verbs: *readOnlyClusterRoleBinding
Basic example for ServiceAccount <> ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "template.name" . }}
labels:
{{- include "template.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Values.serviceAccount.namespace }}
roleRef:
kind: ClusterRole
name: {{ .Values.clusterRole.name }}
apiGroup: rbac.authorization.k8s.ioConfigMap
Basic example with hardcoded values
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "template.name" . }}
labels:
{{- include "template.labels" . | nindent 4 }}
data:
var1: value1
var2: value2For use with a .Values.config.env hashmap
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "template.fullname" . }}-env
labels:
{{- include template.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-weight: "-10"
helm.sh/resource-policy: keep
data:
{{ toYaml .Values.config.env | nindent 2 }}CronJob
DaemonSet
Deployment
Ingress
Secret
Service
ServiceAccount
StatefulSet
Last updated