andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/ondat/ondat-operator/templates/rbac.yaml

886 lines
14 KiB
YAML
Raw Blame History

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
# Role for storageos operator
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: storageos:operator
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
- configmaps/status
- endpoints
- endpoints/status
- events
- namespaces
- persistentvolumeclaims
- persistentvolumeclaims/status
- persistentvolumes
- pods/binding
- pods/status
- replicationcontrollers
- resourcequotas
- secrets
- serviceaccounts
- services
- services/finalizers
- services/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- api.storageos.com
resources:
- nodes
- volumes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- api.storageos.com
resources:
- nodes/status
- volumes/status
verbs:
- get
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.storage.k8s.io
resources:
- csidrivers
- csistoragecapacities
verbs:
- create
- delete
- list
- watch
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- bind
- create
- delete
- get
- patch
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- create
- delete
- get
- update
- use
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
- volumesnapshotcontents
- volumesnapshots
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
- volumesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- storage.k8s.io
resources:
- csidrivers
- csinodeinfos
- csinodes
- csistoragecapacities
- storageclasses
- volumeattachments
- volumeattachments/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters/finalizers
verbs:
- update
- apiGroups:
- storageos.com
resources:
- storageosclusters/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:api-manager
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- endpoints/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- node
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- api.storageos.com
resources:
- nodes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- api.storageos.com
resources:
- nodes/status
verbs:
- get
- patch
- update
- apiGroups:
- api.storageos.com
resources:
- pools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- api.storageos.com
resources:
- pools/finalizers
verbs:
- update
- apiGroups:
- api.storageos.com
resources:
- pools/status
verbs:
- get
- patch
- update
- apiGroups:
- api.storageos.com
resources:
- volumes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- api.storageos.com
resources:
- volumes/status
verbs:
- get
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- delete
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:node-manager
rules:
- apiGroups:
- api.storageos.com
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- api.storageos.com
resources:
- volumes
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- create
- delete
- get
- update
- use
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:portal-manager
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- persistentvolumeclaims
- persistentvolumes
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- api.storageos.com
resources:
- nodes
- volumes
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- volumeattachments
verbs:
- list
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- list
- watch
- apiGroups:
- storageos.com
resources:
- storageosportals
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:scheduler-extender
rules:
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- get
- list
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:proxy:operator
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
# Bind operator service account to storageos-operator role
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: storageos:operator
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: storageos:operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:api-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:api-manager
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:node-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:node-manager
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: storageos
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:portal-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:portal-manager
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: storageos
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:scheduler-extender
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:scheduler-extender
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:proxy:operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:proxy:operator
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
Reference in New Issue View Git Blame Copy Permalink