{{- if .Values.rbac.create }} kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "jaeger-operator.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{ include "jaeger-operator.labels" . | indent 4 }} rules: - apiGroups: - apps resources: - daemonsets - deployments - replicasets - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - deployments/status verbs: - get - patch - update - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - console.openshift.io resources: - consolelinks verbs: - create - delete - get - list - patch - update - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - list - update - apiGroups: - "" resources: - configmaps - persistentvolumeclaims - pods - secrets - serviceaccounts - services - services/finalizers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - namespaces verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - namespaces/status verbs: - get - patch - update - apiGroups: - extensions resources: - ingresses verbs: - create - delete - get - list - patch - update - watch - apiGroups: - image.openshift.io resources: - imagestreams verbs: - get - list - watch - apiGroups: - jaegertracing.io resources: - jaegers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - jaegertracing.io resources: - jaegers/finalizers verbs: - update - apiGroups: - jaegertracing.io resources: - jaegers/status verbs: - get - patch - update - apiGroups: - kafka.strimzi.io resources: - kafkas - kafkausers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - logging.openshift.io resources: - elasticsearch verbs: - create - delete - get - list - patch - update - watch - apiGroups: - logging.openshift.io resources: - elasticsearches verbs: - create - delete - get - list - patch - update - watch - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.k8s.io resources: - ingresses verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - route.openshift.io resources: - routes verbs: - create - delete - get - list - patch - update - watch {{- if .Values.rbac.pspEnabled }} - apiGroups: ['policy'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: - {{ include "jaeger-operator.fullname" . }}-operator-psp {{- end }} {{- end }}