forked from RedisLabs/redis-enterprise-k8s-docs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
role.yaml
56 lines (55 loc) · 1.51 KB
/
role.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-operator
rules:
- apiGroups: ["rbac.authorization.k8s.io", ""]
resources: ["roles", "serviceaccounts", "rolebindings"]
verbs: ["*"]
- apiGroups:
- app.redislabs.com
resources:
- "*"
verbs:
- "*"
- apiGroups: [""]
resources: ["secrets"]
verbs: ["*"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["*"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["create", "delete", "get"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "delete", "get" , "update", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["create", "delete", "get" , "update"]
# needed rbac rules for services controller
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list", "update", "patch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "watch", "list", "update", "patch", "create", "delete"]
- apiGroups:
- route.openshift.io
resources: ["routes", "routes/custom-host"]
verbs: ["*"]
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
resourceNames:
- redis-enterprise-psp
verbs:
- use
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["*"]