{{with .Values -}} {{if .Identity -}} --- ### ### Identity Controller Service Config ### --- kind: ServiceAccount apiVersion: v1 metadata: name: linkerd-identity namespace: {{.Namespace}} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-{{.Namespace}}-identity rules: - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: linkerd-{{.Namespace}}-identity roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: linkerd-{{.Namespace}}-identity subjects: - kind: ServiceAccount name: linkerd-identity namespace: {{.Namespace}} {{- if .Identity.Issuer}} --- kind: Secret apiVersion: v1 metadata: name: linkerd-identity-issuer namespace: {{.Namespace}} labels: {{.ControllerComponentLabel}}: identity annotations: {{.CreatedByAnnotation}}: {{.CliVersion}} {{- if .Identity.Issuer.CrtExpiryAnnotation}} {{.Identity.Issuer.CrtExpiryAnnotation}}: {{.Identity.Issuer.CrtExpiry}} {{- end}} data: crt.pem: {{b64enc .Identity.Issuer.CrtPEM}} key.pem: {{b64enc .Identity.Issuer.KeyPEM}} {{- end}} {{end -}} {{end -}}