Factory/sriov-network-operator-chart/templates/role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: null
  name: {{ include "sriov-network-operator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - events
      - configmaps
      - secrets
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
    verbs:
      - '*'
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  - apiGroups:
      - apps
    resourceNames:
      - sriov-network-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - serviceaccounts
      - roles
      - rolebindings
    verbs:
      - '*'
  - apiGroups:
      - config.openshift.io
    resources:
      - infrastructures
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - 'coordination.k8s.io'
    resources:
      - 'leases'
    verbs:
      - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sriov-network-config-daemon
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - daemonsets
    verbs:
      - '*'
  - apiGroups:
      - sriovnetwork.openshift.io
    resources:
      - '*'
      - sriovnetworknodestates
    verbs:
      - '*'
  - apiGroups:
      - security.openshift.io
    resourceNames:
      - privileged
    resources:
      - securitycontextconstraints
    verbs:
      - use
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - update
  - apiGroups:
      - 'coordination.k8s.io'
    resources:
      - 'leases'
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: operator-webhook-sa
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
unpack obscpio files 2024-10-22 09:51:51 +02:00			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`creationTimestamp: null`
			`name: {{ include "sriov-network-operator.fullname" . }}`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{- include "sriov-network-operator.labels" . \| nindent 4 }}`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- pods`
			`- services`
			`- endpoints`
			`- persistentvolumeclaims`
			`- events`
			`- configmaps`
			`- secrets`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- apps`
			`resources:`
			`- deployments`
			`- daemonsets`
			`- replicasets`
			`- statefulsets`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- monitoring.coreos.com`
			`resources:`
			`- servicemonitors`
			`verbs:`
			`- get`
			`- create`
			`- apiGroups:`
			`- apps`
			`resourceNames:`
			`- sriov-network-operator`
			`resources:`
			`- deployments/finalizers`
			`verbs:`
			`- update`
			`- apiGroups:`
			`- rbac.authorization.k8s.io`
			`resources:`
			`- serviceaccounts`
			`- roles`
			`- rolebindings`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- config.openshift.io`
			`resources:`
			`- infrastructures`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- 'coordination.k8s.io'`
			`resources:`
			`- 'leases'`
			`verbs:`
			`- '*'`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: sriov-network-config-daemon`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{- include "sriov-network-operator.labels" . \| nindent 4 }}`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- pods`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- apps`
			`resources:`
			`- daemonsets`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- sriovnetwork.openshift.io`
			`resources:`
			`- '*'`
			`- sriovnetworknodestates`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- security.openshift.io`
			`resourceNames:`
			`- privileged`
			`resources:`
			`- securitycontextconstraints`
			`verbs:`
			`- use`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`verbs:`
			`- get`
			`- update`
			`- apiGroups:`
			`- 'coordination.k8s.io'`
			`resources:`
			`- 'leases'`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- events`
			`verbs:`
			`- create`
			`- patch`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: operator-webhook-sa`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{- include "sriov-network-operator.labels" . \| nindent 4 }}`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`verbs:`
			`- get`