apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: {{ include "sriov-network-operator.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - pods - services - endpoints - persistentvolumeclaims - events - configmaps - secrets verbs: - '*' - apiGroups: - apps resources: - deployments - daemonsets - replicasets - statefulsets verbs: - '*' - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - get - create - apiGroups: - apps resourceNames: - sriov-network-operator resources: - deployments/finalizers verbs: - update - apiGroups: - rbac.authorization.k8s.io resources: - serviceaccounts - roles - rolebindings verbs: - '*' - apiGroups: - config.openshift.io resources: - infrastructures verbs: - get - list - watch - apiGroups: - 'coordination.k8s.io' resources: - 'leases' verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: sriov-network-config-daemon namespace: {{ .Release.Namespace }} labels: {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - pods verbs: - '*' - apiGroups: - apps resources: - daemonsets verbs: - '*' - apiGroups: - sriovnetwork.openshift.io resources: - '*' - sriovnetworknodestates verbs: - '*' - apiGroups: - security.openshift.io resourceNames: - privileged resources: - securitycontextconstraints verbs: - use - apiGroups: - "" resources: - configmaps verbs: - get - update - apiGroups: - 'coordination.k8s.io' resources: - 'leases' verbs: - '*' - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: operator-webhook-sa namespace: {{ .Release.Namespace }} labels: {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - configmaps verbs: - get