mirror of
https://github.com/ZwareBear/JFrog-Cloud-Installers.git
synced 2026-01-21 07:06:56 -06:00
78 lines
1.2 KiB
YAML
78 lines
1.2 KiB
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: manager-role
|
|
rules:
|
|
##
|
|
## Base operator rules
|
|
##
|
|
# We need to get namespaces so the operator can read namespaces to ensure they exist
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- get
|
|
# We need to manage Helm release secrets
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- "*"
|
|
# We need to create events on CRs about things happening during reconciliation
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
|
|
##
|
|
## Rules for charts.my.domain/v1alpha1, Kind: OpenshiftPipelines
|
|
##
|
|
- apiGroups:
|
|
- charts.my.domain
|
|
resources:
|
|
- openshiftpipelines
|
|
- openshiftpipelines/status
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- verbs:
|
|
- "*"
|
|
apiGroups:
|
|
- "rbac.authorization.k8s.io"
|
|
resources:
|
|
- "clusterrolebindings"
|
|
- "clusterroles"
|
|
- verbs:
|
|
- "*"
|
|
apiGroups:
|
|
- "apps"
|
|
resources:
|
|
- "statefulsets"
|
|
- verbs:
|
|
- "*"
|
|
apiGroups:
|
|
- ""
|
|
resources:
|
|
- "configmaps"
|
|
- "secrets"
|
|
- "serviceaccounts"
|
|
- "services"
|
|
- verbs:
|
|
- "*"
|
|
apiGroups:
|
|
- "rbac.authorization.k8s.io"
|
|
resources:
|
|
- "rolebindings"
|
|
- "roles"
|
|
|
|
# +kubebuilder:scaffold:rules
|