apiVersion: v1
kind: Namespace
metadata:
  name: {{ .Values.gingress.namespace | default "gingress-system" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gingress-controller
  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gingress-controller
rules:
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses", "ingressclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses/status"]
    verbs: ["update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints", "endpointslices", "secrets", "nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gingress-controller
subjects:
  - kind: ServiceAccount
    name: gingress-controller
    namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: gingress
spec:
  controller: gingress.io/gingress-controller