github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-cluster-agent/templates/clusterrole.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-cluster-agent/templates/clusterrole.yaml (about)

     1  # Copyright (c) 2023, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  ---
     4  apiVersion: rbac.authorization.k8s.io/v1
     5  kind: ClusterRole
     6  metadata:
     7    name: verrazzano-cluster-agent
     8  aggregationRule:
     9    clusterRoleSelectors:
    10      - matchLabels:
    11          verrazzano.io/aggregate-to-verrazzano-cluster-agent: "true"
    12      - matchLabels:
    13          verrazzano.io/aggregate-to-verrazzano-project-admin: "true"
    14      - matchLabels:
    15          verrazzano.io/aggregate-to-verrazzano-project-monitor: "true"
    16  rules: []
    17  ---
    18  apiVersion: rbac.authorization.k8s.io/v1
    19  kind: ClusterRole
    20  metadata:
    21    name: verrazzano-cluster-agent-rules
    22    labels:
    23      verrazzano.io/aggregate-to-verrazzano-cluster-agent: "true"
    24  rules:
    25    - apiGroups:
    26        - ""
    27      resources:
    28        - namespaces
    29        - secrets
    30        - configmaps
    31      verbs:
    32        - create
    33        - delete
    34        - deletecollection
    35        - get
    36        - list
    37        - patch
    38        - update
    39        - watch
    40    - apiGroups:
    41        - ""
    42      resources:
    43        - secrets
    44        - configmaps
    45      verbs:
    46        - create
    47        - update
    48        - list
    49        - get
    50        - watch
    51    - apiGroups:
    52        - apps
    53      resources:
    54        - deployments
    55      verbs:
    56        - patch
    57    - apiGroups:
    58        - apiextensions.k8s.io
    59      resources:
    60        - customresourcedefinitions
    61      verbs:
    62        - get
    63        - list
    64        - watch
    65    - apiGroups:
    66        - networking.k8s.io
    67      resources:
    68        - ingresses
    69      verbs:
    70        - list
    71        - watch
    72    - apiGroups:
    73        - networking.k8s.io
    74      resources:
    75        - networkpolicies
    76      verbs:
    77        - create
    78        - delete
    79        - deletecollection
    80        - get
    81        - list
    82        - patch
    83        - update
    84        - watch
    85    - apiGroups:
    86        - rbac.authorization.k8s.io
    87      resources:
    88        - clusterroles
    89        - roles
    90        - rolebindings
    91      verbs:
    92        - bind
    93        - create
    94        - update
    95        - delete
    96        - get
    97        - list
    98        - watch
    99    - apiGroups:
   100        - monitoring.coreos.com
   101      resources:
   102        - servicemonitors
   103        - podmonitors
   104      verbs:
   105        - list
   106        - watch
   107        - update
   108    - apiGroups:
   109        - clusters.verrazzano.io
   110      resources:
   111        - '*'
   112        - '*/status'
   113      verbs:
   114        - create
   115        - delete
   116        - deletecollection
   117        - get
   118        - list
   119        - patch
   120        - update
   121        - watch
   122    - apiGroups:
   123        - install.verrazzano.io
   124      resources:
   125        - verrazzanos
   126      verbs:
   127        - list
   128        - watch