mirror of https://git.rancher.io/charts
389 lines
4.9 KiB
YAML
389 lines
4.9 KiB
YAML
{{- if .Values.rbac.enabled }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ template "logging-operator.fullname" . }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- endpoints
|
|
- namespaces
|
|
- nodes
|
|
- nodes/proxy
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- persistentvolumeclaims
|
|
- pods
|
|
- serviceaccounts
|
|
- services
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
- events.k8s.io
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- daemonsets
|
|
- replicasets
|
|
- statefulsets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- apps
|
|
- extensions
|
|
resources:
|
|
- daemonsets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- apps
|
|
- extensions
|
|
resources:
|
|
- deployments
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- apps
|
|
- extensions
|
|
resources:
|
|
- statefulsets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- events.k8s.io
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
- policy
|
|
resources:
|
|
- podsecuritypolicies
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- use
|
|
- watch
|
|
- apiGroups:
|
|
- logging-extensions.banzaicloud.io
|
|
resources:
|
|
- eventtailers
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- logging-extensions.banzaicloud.io
|
|
resources:
|
|
- eventtailers/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- logging-extensions.banzaicloud.io
|
|
resources:
|
|
- hosttailers
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- logging-extensions.banzaicloud.io
|
|
resources:
|
|
- hosttailers/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- clusterflows
|
|
- clusteroutputs
|
|
- flows
|
|
- fluentbitagents
|
|
- fluentdconfigs
|
|
- loggings
|
|
- nodeagents
|
|
- outputs
|
|
- syslogngconfigs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- clusterflows/status
|
|
- clusteroutputs/status
|
|
- flows/status
|
|
- fluentbitagents/status
|
|
- fluentdconfigs/status
|
|
- loggings/status
|
|
- nodeagents/status
|
|
- outputs/status
|
|
- syslogngconfigs/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- loggingroutes
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- loggingroutes/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- loggings/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- syslogngclusterflows
|
|
- syslogngclusteroutputs
|
|
- syslogngflows
|
|
- syslogngoutputs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- logging.banzaicloud.io
|
|
resources:
|
|
- syslogngclusterflows/status
|
|
- syslogngclusteroutputs/status
|
|
- syslogngflows/status
|
|
- syslogngoutputs/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- monitoring.coreos.com
|
|
resources:
|
|
- prometheusrules
|
|
- servicemonitors
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- policy
|
|
resources:
|
|
- poddisruptionbudgets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- clusterrolebindings
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- clusterrolebindings
|
|
- clusterroles
|
|
- rolebindings
|
|
- roles
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- clusterroles
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
{{- end }}
|