apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: minio-operator-role rules: - apiGroups: - "apiextensions.k8s.io" resources: - customresourcedefinitions verbs: - get - update - apiGroups: - "" resources: - persistentvolumeclaims verbs: - get - update - list - apiGroups: - "" resources: - namespaces - nodes verbs: - create - get - watch - list - apiGroups: - "" resources: - pods - services - events - configmaps verbs: - get - watch - create - list - delete - deletecollection - update - patch - apiGroups: - "" resources: - secrets verbs: - get - watch - create - update - list - delete - deletecollection - apiGroups: - "" resources: - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - roles - rolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - statefulsets - deployments - deployments/finalizers verbs: - get - create - list - patch - watch - update - delete - apiGroups: - batch resources: - jobs verbs: - get - create - list - patch - watch - update - delete - apiGroups: - "certificates.k8s.io" resources: - "certificatesigningrequests" - "certificatesigningrequests/approval" - "certificatesigningrequests/status" verbs: - update - create - get - delete - list - apiGroups: - certificates.k8s.io resourceNames: - kubernetes.io/legacy-unknown - kubernetes.io/kube-apiserver-client - kubernetes.io/kubelet-serving - beta.eks.amazonaws.com/app-serving resources: - signers verbs: - approve - sign - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - minio.min.io resources: - "*" verbs: - "*" - apiGroups: - min.io - sts.min.io resources: - "*" verbs: - "*" - apiGroups: - monitoring.coreos.com resources: - prometheuses verbs: - '*' - apiGroups: - "coordination.k8s.io" resources: - leases verbs: - get - update - create