jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c7413eae10
charts/mariadb-operator/templates/rbac.yaml

444 lines
5.9 KiB
YAML
Raw Blame History

{{- if .Values.rbac.enabled -}}
{{ $fullName := include "mariadb-operator.fullname" . }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $fullName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $fullName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- endpoints
- endpoints/restricted
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
- patch
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
- patch
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- list
- patch
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- list
- patch
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- list
- patch
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- list
- patch
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- list
- patch
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- backups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- backups/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- backups/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- connections
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- connections
- restores
verbs:
- create
- list
- patch
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- connections/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- connections/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- databases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- databases/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- databases/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- grants
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- grants/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- grants/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- mariadbs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- mariadbs/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- mariadbs/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- restores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- restores/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- restores/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- sqljobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- sqljobs/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- sqljobs/status
verbs:
- get
- patch
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- users
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mariadb.mmontes.io
resources:
- users/finalizers
verbs:
- update
- apiGroups:
- mariadb.mmontes.io
resources:
- users/status
verbs:
- get
- patch
- update
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- list
- patch
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- rolebindings
- roles
verbs:
- create
- list
- patch
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- list
- patch
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $fullName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $fullName }}
subjects:
- kind: ServiceAccount
name: {{ include "mariadb-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $fullName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $fullName }}
subjects:
- kind: ServiceAccount
name: {{ include "mariadb-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $fullName }}:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: {{ include "mariadb-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink