github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/deployment/sriov-network-operator/templates/role.yaml (about)

     1  apiVersion: rbac.authorization.k8s.io/v1
     2  kind: Role
     3  metadata:
     4    creationTimestamp: null
     5    name: {{ include "sriov-network-operator.fullname" . }}
     6    namespace: {{ .Release.Namespace }}
     7    labels:
     8    {{- include "sriov-network-operator.labels" . | nindent 4 }}
     9  rules:
    10    - apiGroups:
    11        - ""
    12      resources:
    13        - pods
    14        - services
    15        - endpoints
    16        - persistentvolumeclaims
    17        - events
    18        - configmaps
    19        - secrets
    20      verbs:
    21        - '*'
    22    - apiGroups:
    23        - apps
    24      resources:
    25        - deployments
    26        - daemonsets
    27        - replicasets
    28        - statefulsets
    29      verbs:
    30        - '*'
    31    - apiGroups:
    32        - monitoring.coreos.com
    33      resources:
    34        - servicemonitors
    35      verbs:
    36        - get
    37        - create
    38    - apiGroups:
    39        - apps
    40      resourceNames:
    41        - sriov-network-operator
    42      resources:
    43        - deployments/finalizers
    44      verbs:
    45        - update
    46    - apiGroups:
    47        - rbac.authorization.k8s.io
    48      resources:
    49        - serviceaccounts
    50        - roles
    51        - rolebindings
    52      verbs:
    53        - '*'
    54    - apiGroups:
    55        - config.openshift.io
    56      resources:
    57        - infrastructures
    58      verbs:
    59        - get
    60        - list
    61        - watch
    62  ---
    63  apiVersion: rbac.authorization.k8s.io/v1
    64  kind: Role
    65  metadata:
    66    name: sriov-network-config-daemon
    67    namespace: {{ .Release.Namespace }}
    68    labels:
    69    {{- include "sriov-network-operator.labels" . | nindent 4 }}
    70  rules:
    71    - apiGroups:
    72        - ""
    73      resources:
    74        - pods
    75      verbs:
    76        - '*'
    77    - apiGroups:
    78        - apps
    79      resources:
    80        - daemonsets
    81      verbs:
    82        - '*'
    83    - apiGroups:
    84        - sriovnetwork.openshift.io
    85      resources:
    86        - '*'
    87        - sriovnetworknodestates
    88      verbs:
    89        - '*'
    90    - apiGroups:
    91        - security.openshift.io
    92      resourceNames:
    93        - privileged
    94      resources:
    95        - securitycontextconstraints
    96      verbs:
    97        - use
    98    - apiGroups:
    99        - ""
   100      resources:
   101        - configmaps
   102      verbs:
   103        - get
   104        - update
   105    - apiGroups:
   106        - 'coordination.k8s.io'
   107      resources:
   108        - 'leases'
   109      verbs:
   110        - '*'
   111    - apiGroups:
   112        - ""
   113      resources:
   114        - events
   115      verbs:
   116        - create
   117        - patch
   118  ---
   119  apiVersion: rbac.authorization.k8s.io/v1
   120  kind: Role
   121  metadata:
   122    name: operator-webhook-sa
   123    namespace: {{ .Release.Namespace }}
   124    labels:
   125    {{- include "sriov-network-operator.labels" . | nindent 4 }}
   126  rules:
   127    - apiGroups:
   128        - ""
   129      resources:
   130        - configmaps
   131      verbs:
   132        - get