{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "bascule.fullname" . }}
rules:
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "bascule.fullname" . }}
subjects:
  - kind: ServiceAccount
    name: {{ include "bascule.serviceAccountName" . }}
roleRef:
  kind: Role
  name: {{ include "bascule.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
{{- end }}