239 lines
4.6 KiB
YAML
239 lines
4.6 KiB
YAML
{{- if .Values.serviceAccount.create }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
{{- with .Values.clusterOwnerRefereces }}
|
|
ownerReferences:
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
name: {{ .Release.Name }}
|
|
rules:
|
|
- apiGroups: ["", "apps", "extensions", "rbac.authorization.k8s.io", "batch"]
|
|
resources:
|
|
- pods
|
|
- pods/exec
|
|
- pods/log
|
|
- services
|
|
- endpoints
|
|
- endpoints/restricted
|
|
- persistentvolumeclaims
|
|
- configmaps
|
|
- secrets
|
|
- deployments
|
|
- statefulsets
|
|
- serviceaccounts
|
|
- namespaces
|
|
- roles
|
|
- rolebindings
|
|
- events
|
|
- cronjobs
|
|
- jobs
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- create
|
|
- delete
|
|
- deletecollection
|
|
- patch
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["storageclasses"]
|
|
verbs: ["get", "list"]
|
|
- apiGroups: ["stackgres.io"]
|
|
resources:
|
|
- sgclusters
|
|
- sgpgconfigs
|
|
- sginstanceprofiles
|
|
- sgpoolconfigs
|
|
- sgbackupconfigs
|
|
- sgbackups
|
|
- sgdistributedlogs
|
|
- sgdbops
|
|
- sgobjectstorages
|
|
- sgscripts
|
|
- sgshardedclusters
|
|
- sgshardedbackups
|
|
- sgshardeddbops
|
|
- sgconfigs
|
|
verbs:
|
|
- create
|
|
- watch
|
|
- list
|
|
- get
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups: ["stackgres.io"]
|
|
resources:
|
|
- sgconfigs/status
|
|
- sgclusters/status
|
|
- sgdistributedlogs/status
|
|
- sgclusters/finalizers
|
|
- sgpgconfigs/finalizers
|
|
- sginstanceprofiles/finalizers
|
|
- sgpoolconfigs/finalizers
|
|
- sgbackupconfigs/finalizers
|
|
- sgbackups/finalizers
|
|
- sgdistributedlogs/finalizers
|
|
- sgdbops/finalizers
|
|
- sgobjectstorages/finalizers
|
|
- sgscripts/finalizers
|
|
- sgshardedclusters/finalizers
|
|
- sgshardedbackups/finalizers
|
|
- sgshardeddbops/finalizers
|
|
- sgconfigs/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups: ["", "apps", "batch"]
|
|
resources:
|
|
- statefulsets/finalizers
|
|
- persistentvolumeclaims/finalizers
|
|
- deployments/finalizers
|
|
- services/finalizers
|
|
- endpoints/finalizers
|
|
- cronjobs/finalizers
|
|
- jobs/finalizers
|
|
- pods/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources:
|
|
- customresourcedefinitions
|
|
resourceNames:
|
|
- sgconfigs.stackgres.io
|
|
- sgclusters.stackgres.io
|
|
- sginstanceprofiles.stackgres.io
|
|
- sgpgconfigs.stackgres.io
|
|
- sgpoolconfigs.stackgres.io
|
|
- sgbackups.stackgres.io
|
|
- sgbackupconfigs.stackgres.io
|
|
- sgobjectstorages.stackgres.io
|
|
- sgdbops.stackgres.io
|
|
- sgdistributedlogs.stackgres.io
|
|
- sgshardedclusters.stackgres.io
|
|
- sgshardedbackups.stackgres.io
|
|
- sgshardeddbops.stackgres.io
|
|
- sgscripts.stackgres.io
|
|
verbs:
|
|
- get
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- list
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources:
|
|
- volumesnapshots
|
|
verbs:
|
|
- list
|
|
- get
|
|
- watch
|
|
- create
|
|
{{- if .Values.prometheus.allowAutobind }}
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources:
|
|
- customresourcedefinitions
|
|
resourceNames:
|
|
- prometheuses.monitoring.coreos.com
|
|
verbs:
|
|
- get
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- list
|
|
- apiGroups: ["monitoring.coreos.com"]
|
|
resources:
|
|
- servicemonitors
|
|
- podmonitors
|
|
verbs:
|
|
- list
|
|
- get
|
|
- create
|
|
- delete
|
|
- update
|
|
- patch
|
|
- apiGroups: ["monitoring.coreos.com"]
|
|
resources:
|
|
- prometheus
|
|
- prometheuses
|
|
- podmonitors
|
|
verbs:
|
|
- list
|
|
- get
|
|
{{- end }}
|
|
{{- if not .Values.disableCRDcreation }}
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resources:
|
|
- mutatingwebhookconfigurations
|
|
- validatingwebhookconfigurations
|
|
resourceNames:
|
|
- {{ .Release.Name }}
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- create
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources:
|
|
- customresourcedefinitions
|
|
resourceNames:
|
|
- sgconfigs.stackgres.io
|
|
- sgclusters.stackgres.io
|
|
- sginstanceprofiles.stackgres.io
|
|
- sgpgconfigs.stackgres.io
|
|
- sgpoolconfigs.stackgres.io
|
|
- sgbackups.stackgres.io
|
|
- sgbackupconfigs.stackgres.io
|
|
- sgobjectstorages.stackgres.io
|
|
- sgdbops.stackgres.io
|
|
- sgdistributedlogs.stackgres.io
|
|
- sgshardedclusters.stackgres.io
|
|
- sgshardedbackups.stackgres.io
|
|
- sgshardeddbops.stackgres.io
|
|
- sgscripts.stackgres.io
|
|
verbs:
|
|
- patch
|
|
- update
|
|
{{- end }}
|
|
{{- end }}
|
|
- apiGroups: ["shardingsphere.apache.org"]
|
|
resources:
|
|
- computenodes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- create
|
|
- delete
|
|
- patch
|
|
- apiGroups: ["keda.sh"]
|
|
resources:
|
|
- scaledobjects
|
|
- triggerauthentications
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- create
|
|
- delete
|
|
- patch
|
|
- apiGroups: ["autoscaling.k8s.io"]
|
|
resources:
|
|
- verticalpodautoscalers
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- create
|
|
- delete
|
|
- patch
|
|
|