github.com/m3db/m3@v1.5.1-0.20231129193456-75a402aa583b/scripts/vagrant/provision/manifests/operator.yaml (about)

     1  # Bundle source: https://github.com/m3db/m3db-operator/blob/master/bundle.yaml
     2  ---
     3  # Source: m3db-operator/templates/service_account.yaml
     4  apiVersion: v1
     5  kind: ServiceAccount
     6  metadata:
     7    name: m3db-operator
     8    namespace: default
     9  
    10  ---
    11  # Source: m3db-operator/templates/cluster_role.yaml
    12  apiVersion: rbac.authorization.k8s.io/v1beta1
    13  kind: ClusterRole
    14  metadata:
    15    name: m3db-operator
    16  rules:
    17  - apiGroups: ["extensions"]
    18    resources: ["deployments", "replicasets", "daemonsets"]
    19    verbs: ["create", "get", "update", "delete", "list"]
    20  - apiGroups: ["apiextensions.k8s.io"]
    21    resources: ["customresourcedefinitions"]
    22    verbs: ["create", "get", "update", "delete", "list"]
    23  - apiGroups: ["storage.k8s.io"]
    24    resources: ["storageclasses"]
    25    verbs: ["get", "list", "create", "delete", "deletecollection"]
    26  - apiGroups: [""]
    27    resources: ["persistentvolumes", "persistentvolumeclaims", "services", "secrets", "configmaps"]
    28    verbs: ["create", "get", "update", "delete", "list"]
    29  - apiGroups: ["batch"]
    30    resources: ["cronjobs", "jobs"]
    31    verbs: ["create", "get", "deletecollection", "delete"]
    32  - apiGroups: [""]
    33    resources: ["pods"]
    34    verbs: ["list", "get", "watch", "patch", "update"]
    35  - apiGroups: ["apps"]
    36    resources: ["statefulsets", "deployments"]
    37    verbs: ["*"]
    38  - apiGroups: ["operator.m3db.io"]
    39    resources: ["*"]
    40    verbs: ["*"]
    41  - apiGroups: [""]
    42    resources: ["events"]
    43    verbs: ["create", "patch"]
    44  - apiGroups: [""]
    45    resources: ["nodes"]
    46    verbs: ["get", "list", "watch"]
    47  
    48  ---
    49  # Source: m3db-operator/templates/cluster_role_binding.yaml
    50  apiVersion: rbac.authorization.k8s.io/v1beta1
    51  kind: ClusterRoleBinding
    52  metadata:
    53    name: m3db-operator
    54  roleRef:
    55    apiGroup: rbac.authorization.k8s.io
    56    kind: ClusterRole
    57    name: m3db-operator
    58  subjects:
    59  - kind: ServiceAccount
    60    name: m3db-operator
    61    namespace: default
    62  
    63  ---
    64  # Source: m3db-operator/templates/stateful_set.yaml
    65  apiVersion: apps/v1
    66  kind: StatefulSet
    67  metadata:
    68    name: m3db-operator
    69    namespace: default
    70  spec:
    71    serviceName: m3db-operator
    72    replicas: 1
    73    selector:
    74      matchLabels:
    75        name: m3db-operator
    76    template:
    77      metadata:
    78        labels:
    79          name: m3db-operator
    80      spec:
    81        securityContext:
    82          runAsNonRoot: true
    83          runAsUser: 65534
    84          runAsGroup: 65534
    85        containers:
    86          - name: m3db-operator
    87            image: quay.io/m3db/m3db-operator:v0.4.0
    88            command:
    89            - m3db-operator
    90            imagePullPolicy: Always
    91            env:
    92              - name: ENVIRONMENT
    93                value: production
    94        serviceAccount: m3db-operator