{{- if .Values.rbac.enabled -}} {{ $fullName := include "mariadb-operator.fullname" . }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ $fullName }} rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ $fullName }} rules: - apiGroups: - "" resources: - configmaps verbs: - create - get - list - patch - watch - apiGroups: - "" resources: - endpoints - endpoints/restricted verbs: - create - get - list - patch - watch - apiGroups: - "" resources: - events verbs: - create - list - patch - watch - apiGroups: - "" resources: - persistentvolumeclaims verbs: - create - list - patch - watch - apiGroups: - "" resources: - pods verbs: - delete - get - list - watch - apiGroups: - "" resources: - secrets verbs: - create - list - patch - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - list - patch - watch - apiGroups: - "" resources: - services verbs: - create - list - patch - watch - apiGroups: - apps resources: - deployments verbs: - create - list - patch - watch - apiGroups: - apps resources: - statefulsets verbs: - create - get - list - patch - watch - apiGroups: - batch resources: - cronjobs verbs: - create - list - patch - watch - apiGroups: - batch resources: - jobs verbs: - create - list - patch - watch - apiGroups: - mariadb.mmontes.io resources: - backups verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - backups/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - backups/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - connections verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - connections - restores verbs: - create - list - patch - watch - apiGroups: - mariadb.mmontes.io resources: - connections/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - connections/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - databases verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - databases/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - databases/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - grants verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - grants/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - grants/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - mariadbs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - mariadbs/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - mariadbs/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - restores verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - restores/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - restores/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - sqljobs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - sqljobs/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - sqljobs/status verbs: - get - patch - update - apiGroups: - mariadb.mmontes.io resources: - users verbs: - create - delete - get - list - patch - update - watch - apiGroups: - mariadb.mmontes.io resources: - users/finalizers verbs: - update - apiGroups: - mariadb.mmontes.io resources: - users/status verbs: - get - patch - update - apiGroups: - policy resources: - poddisruptionbudgets verbs: - create - list - patch - watch - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - rolebindings - roles verbs: - create - list - patch - watch - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - create - list - patch - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ $fullName }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ $fullName }} subjects: - kind: ServiceAccount name: {{ include "mariadb-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ $fullName }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ $fullName }} subjects: - kind: ServiceAccount name: {{ include "mariadb-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ $fullName }}:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: {{ include "mariadb-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }}