github.com/ironcore-dev/gardener-extension-provider-ironcore@v0.3.2-0.20240314231816-8336447fb9a0/charts/gardener-extension-provider-ironcore/templates/rbac.yaml

github.com/ironcore-dev/gardener-extension-provider-ironcore@v0.3.2-0.20240314231816-8336447fb9a0/charts/gardener-extension-provider-ironcore/templates/rbac.yaml (about)

     1  ---
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  kind: ClusterRole
     4  metadata:
     5    name: {{ include "name" . }}
     6    labels:
     7  {{ include "labels" . | indent 4 }}
     8  rules:
     9  - apiGroups:
    10    - extensions.gardener.cloud
    11    resources:
    12    - backupbuckets
    13    - backupbuckets/status
    14    - backupentries
    15    - backupentries/status
    16    - clusters
    17    - controlplanes
    18    - controlplanes/status
    19    - infrastructures
    20    - infrastructures/status
    21    - bastions
    22    - bastions/status
    23    - workers
    24    - workers/status
    25    verbs:
    26    - get
    27    - list
    28    - watch
    29    - patch
    30    - update
    31  - apiGroups:
    32    - resources.gardener.cloud
    33    resources:
    34    - managedresources
    35    verbs:
    36    - "*"
    37  - apiGroups:
    38    - coordination.k8s.io
    39    resources:
    40    - leases
    41    verbs:
    42    - create
    43    - list
    44    - watch
    45  - apiGroups:
    46    - coordination.k8s.io
    47    resources:
    48    - leases
    49    resourceNames:
    50    - provider-ironcore-leader-election
    51    - gardener-extension-heartbeat
    52    verbs:
    53    - get
    54    - update
    55  - apiGroups:
    56    - ""
    57    - apps
    58    - batch
    59    - rbac.authorization.k8s.io
    60    - admissionregistration.k8s.io
    61    - apiextensions.k8s.io
    62    - networking.k8s.io
    63    resources:
    64    - namespaces
    65    - namespaces/finalizers
    66    - events
    67    - secrets
    68    - configmaps
    69    - endpoints
    70    - deployments
    71    - deployments/scale
    72    - services
    73    - serviceaccounts
    74    - clusterroles
    75    - clusterrolebindings
    76    - roles
    77    - rolebindings
    78    - jobs
    79    - pods
    80    - pods/log
    81    - mutatingwebhookconfigurations
    82    - customresourcedefinitions
    83    - networkpolicies
    84    verbs:
    85    - "*"
    86  - apiGroups:
    87    - machine.sapcloud.io
    88    resources:
    89    - "*"
    90    verbs:
    91    - "*"
    92  - apiGroups:
    93    - autoscaling.k8s.io
    94    resources:
    95    - verticalpodautoscalers
    96    verbs:
    97    - "*"
    98  - apiGroups:
    99      - policy
   100    resources:
   101      - poddisruptionbudgets
   102    verbs:
   103      - create
   104      - get
   105      - list
   106      - watch
   107      - patch
   108      - update
   109      - delete
   110  ---
   111  apiVersion: rbac.authorization.k8s.io/v1
   112  kind: ClusterRoleBinding
   113  metadata:
   114    name: {{ include "name" . }}
   115    labels:
   116  {{ include "labels" . | indent 4 }}
   117  roleRef:
   118    apiGroup: rbac.authorization.k8s.io
   119    kind: ClusterRole
   120    name: {{ include "name" . }}
   121  subjects:
   122  - kind: ServiceAccount
   123    name: {{ include "name" . }}
   124    namespace: {{ .Release.Namespace }}