github.com/verrazzano/verrazzano@v1.7.1/platform-operator/helm_config/charts/verrazzano-cluster-agent/templates/clusterrole.yaml (about)

     1  # Copyright (c) 2023, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  ---
     4  apiVersion: rbac.authorization.k8s.io/v1
     5  kind: ClusterRole
     6  metadata:
     7    name: verrazzano-cluster-agent
     8  aggregationRule:
     9    clusterRoleSelectors:
    10      - matchLabels:
    11          verrazzano.io/aggregate-to-verrazzano-cluster-agent: "true"
    12      - matchLabels:
    13          verrazzano.io/aggregate-to-verrazzano-project-admin: "true"
    14      - matchLabels:
    15          verrazzano.io/aggregate-to-verrazzano-project-monitor: "true"
    16  rules: []
    17  ---
    18  apiVersion: rbac.authorization.k8s.io/v1
    19  kind: ClusterRole
    20  metadata:
    21    name: verrazzano-cluster-agent-rules
    22    labels:
    23      verrazzano.io/aggregate-to-verrazzano-cluster-agent: "true"
    24  rules:
    25    - apiGroups:
    26        - ""
    27      resources:
    28        - namespaces
    29        - secrets
    30        - configmaps
    31      verbs:
    32        - create
    33        - delete
    34        - deletecollection
    35        - get
    36        - list
    37        - patch
    38        - update
    39        - watch
    40    - apiGroups:
    41        - ""
    42      resources:
    43        - secrets
    44        - configmaps
    45      verbs:
    46        - create
    47        - update
    48        - list
    49        - get
    50        - watch
    51    - apiGroups:
    52        - apps
    53      resources:
    54        - deployments
    55      verbs:
    56        - patch
    57        - update
    58        - get
    59    - apiGroups:
    60        - apiextensions.k8s.io
    61      resources:
    62        - customresourcedefinitions
    63      verbs:
    64        - get
    65        - list
    66        - watch
    67    - apiGroups:
    68        - networking.k8s.io
    69      resources:
    70        - ingresses
    71      verbs:
    72        - list
    73        - watch
    74    - apiGroups:
    75        - networking.k8s.io
    76      resources:
    77        - networkpolicies
    78      verbs:
    79        - create
    80        - delete
    81        - deletecollection
    82        - get
    83        - list
    84        - patch
    85        - update
    86        - watch
    87    - apiGroups:
    88        - rbac.authorization.k8s.io
    89      resources:
    90        - clusterroles
    91        - roles
    92        - rolebindings
    93      verbs:
    94        - bind
    95        - create
    96        - update
    97        - delete
    98        - get
    99        - list
   100        - watch
   101    - apiGroups:
   102        - monitoring.coreos.com
   103      resources:
   104        - servicemonitors
   105        - podmonitors
   106      verbs:
   107        - list
   108        - watch
   109        - update
   110    - apiGroups:
   111        - clusters.verrazzano.io
   112      resources:
   113        - '*'
   114        - '*/status'
   115      verbs:
   116        - create
   117        - delete
   118        - deletecollection
   119        - get
   120        - list
   121        - patch
   122        - update
   123        - watch
   124    - apiGroups:
   125        - install.verrazzano.io
   126      resources:
   127        - verrazzanos
   128      verbs:
   129        - list
   130        - watch
   131    - apiGroups:
   132        - catalog.cattle.io
   133      resources:
   134        - clusterrepos
   135      verbs:
   136        - delete