github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/helm/templates/rbac/cluster_pod_required_role.yaml (about)

     1  # Aggregated ClusterRole for workload pods. It declares no rules of its own:
        # Kubernetes fills in its rules from every ClusterRole that matches the
        # selector under aggregationRule, so the effective permissions are the union
        # of all matching roles, including any defined outside this file.
        # NOTE(review): the binding is not part of this file. A ClusterRoleBinding
        # grants that union in every namespace; a RoleBinding limits the namespaced
        # resources to one namespace. Confirm which one the chart or operator creates.
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  kind: ClusterRole
     4  metadata:
     5    name: kubeblocks-cluster-pod-role
     6    labels:
     7      {{- include "kubeblocks.labels" . | nindent 4 }}
        # A ClusterRole is merged into this one when it carries the chart's selector
        # labels plus app.kubernetes.io/required-by: pod. Who may create or relabel
        # ClusterRoles with those labels therefore decides what pods end up with.
        # NOTE(review): the roles later in this file set kubeblocks.labels, which
        # presumably includes the selector labels matched here; confirm in the
        # chart helpers.
     8  aggregationRule:
     9    clusterRoleSelectors:
    10    - matchLabels:
    11        {{- include "kubeblocks.selectorLabels" . | nindent 6 }}
    12        app.kubernetes.io/required-by: pod
    13  ---
        # ClusterRole kubeblocks-lorry-pod-role. It is labelled
        # app.kubernetes.io/required-by: pod, the label that the aggregationRule of
        # kubeblocks-cluster-pod-role in this file selects on.
        # None of the rules use resourceNames, so each one applies to every object of
        # that kind within the scope of whatever binding references the role.
    14  apiVersion: rbac.authorization.k8s.io/v1
    15  kind: ClusterRole
    16  metadata:
    17    name: kubeblocks-lorry-pod-role
    18    labels:
    19      {{- include "kubeblocks.labels" . | nindent 4 }}
    20      app.kubernetes.io/required-by: pod
    21  rules:
        # Core API group: may create Events, with no read access to them.
    22  - apiGroups:
    23    - ""
    24    resources:
    25    - events
    26    verbs:
    27    - create
        # Core API group: full read, write and delete on ConfigMaps. This is the
        # broadest grant in this role.
        # NOTE(review): confirm that delete is needed and that the binding is
        # namespaced, since other workloads' ConfigMaps would otherwise be writable.
    28  - apiGroups:
    29    - ""
    30    resources:
    31    - configmaps
    32    verbs:
    33    - create
    34    - get
    35    - list
    36    - patch
    37    - update
    38    - delete
        # Read-only access to Cluster objects in apps.kubeblocks.io.
    39  - apiGroups:
    40    - apps.kubeblocks.io
    41    resources:
    42    - clusters
    43    verbs:
    44    - get
    45    - list
        # Read-only (get only) access to the clusters/status subresource.
    46  - apiGroups:
    47    - apps.kubeblocks.io
    48    resources:
    49    - clusters/status
    50    verbs:
    51    - get
        # Core API group: read-only access to Pods.
    52  - apiGroups:
    53    - ""
    54    resources:
    55    - pods
    56    verbs:
    57    - get
    58    - list
    59  ---
        # ClusterRole kubeblocks-patroni-pod-role. It is labelled
        # app.kubernetes.io/required-by: pod, the label that the aggregationRule of
        # kubeblocks-cluster-pod-role in this file selects on.
        # None of the rules use resourceNames, so each one applies to every object of
        # that kind within the scope of whatever binding references the role.
    60  apiVersion: rbac.authorization.k8s.io/v1
    61  kind: ClusterRole
    62  metadata:
    63    name: kubeblocks-patroni-pod-role
    64    labels:
    65      {{- include "kubeblocks.labels" . | nindent 4 }}
    66      app.kubernetes.io/required-by: pod
    67  rules:
        # Core API group: full read, write, watch and delete on ConfigMaps.
        # NOTE(review): presumably this holds Patroni's cluster and leader state.
        # Confirm whether the deployment keeps that state in ConfigMaps or in
        # Endpoints, and drop the rule for the one it does not use.
    68  - apiGroups:
    69    - ""
    70    resources:
    71    - configmaps
    72    verbs:
    73    - create
    74    - get
    75    - list
    76    - patch
    77    - update
    78    - watch
    79    # delete is required only for 'patronictl remove'
    80    - delete
        # Core API group: full read, write, watch and delete on Endpoints.
        # Writing Endpoints changes which addresses a Service routes to, and the rule
        # covers every Service in the binding's scope, so keep the binding namespaced.
    81  - apiGroups:
    82    - ""
    83    resources:
    84    - endpoints
    85    verbs:
    86    - get
    87    - patch
    88    - update
    89    - create
    90    - list
    91    - watch
    92    # delete is required only for 'patronictl remove'
    93    - delete
        # Core API group: read, watch, patch and update on Pods (no create or delete).
        # patch and update apply to any Pod in scope, not only the caller's own. RBAC
        # cannot express "own pod only", so restrict this with a namespaced binding
        # or an admission policy.
    94  - apiGroups:
    95    - ""
    96    resources:
    97    - pods
    98    verbs:
    99    - get
   100    - list
   101    - patch
   102    - update
   103    - watch
   104  ---
        # ClusterRole kubeblocks-backup-pod-role. It is labelled
        # app.kubernetes.io/required-by: pod, the label that the aggregationRule of
        # kubeblocks-cluster-pod-role in this file selects on.
   105  apiVersion: rbac.authorization.k8s.io/v1
   106  kind: ClusterRole
   107  metadata:
   108    name: kubeblocks-backup-pod-role
   109    labels:
   110      {{- include "kubeblocks.labels" . | nindent 4 }}
   111      app.kubernetes.io/required-by: pod
   112  rules:
        # Read and write access to the backups/status subresource in
        # dataprotection.kubeblocks.io.
        # NOTE(review): this lets a pod write the status of any Backup in the
        # binding's scope. Confirm that consumers of that status expect
        # pod-written values.
   113  - apiGroups:
   114    - "dataprotection.kubeblocks.io"
   115    resources:
   116    - backups/status
   117    verbs:
   118    - get
   119    - update
   120    - patch
        # May create Backup objects, with no get, list, update or delete on them.
        # RBAC cannot restrict create by resourceNames, so the binding's scope is the
        # only limit on where a pod can create Backups.
   121  - apiGroups:
   122    - "dataprotection.kubeblocks.io"
   123    resources:
   124    - backups
   125    verbs:
   126    - create
   127  ---
        # ClusterRole kubeblocks-volume-protection-pod-role. It is labelled
        # app.kubernetes.io/required-by: pod, the label that the aggregationRule of
        # kubeblocks-cluster-pod-role in this file selects on.
   128  apiVersion: rbac.authorization.k8s.io/v1
   129  kind: ClusterRole
   130  metadata:
   131    name: kubeblocks-volume-protection-pod-role
   132    labels:
   133      {{- include "kubeblocks.labels" . | nindent 4 }}
   134      app.kubernetes.io/required-by: pod
   135  rules:
        # Core API group: read-only (get, list) access to Node objects and the
        # nodes/stats subresource. Nodes are cluster-scoped, so this rule only takes
        # effect through a ClusterRoleBinding and then covers every node.
        # NOTE(review): nodes/stats is presumably read for volume usage figures;
        # confirm that access to the Node objects themselves is also needed.
        # NOTE(review): list items here are indented under their key, while the
        # other roles in this file use the flush style. Valid YAML, but inconsistent.
   136  - apiGroups:
   137      - ""
   138    resources:
   139      - nodes
   140      - nodes/stats
   141    verbs:
   142      - get
   143      - list