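# Source: github.com/verrazzano/verrazzano@v1.7.1/platform-operator/thirdparty/charts/coherence-operator/templates/rbac.yaml
#
# RBAC objects for the Coherence Operator chart. Scope is driven by two values:
#   .Values.clusterRoles - when truthy, the CRD/webhook role is rendered and
#                          the operator's main role becomes a ClusterRole
#                          (otherwise it is a namespaced Role).
#   .Values.nodeRoles    - when true, the node-viewer ClusterRole is rendered
#                          even if clusterRoles is not set.
# Templated scalars are piped through quote so that an all-digit namespace or
# service account name still renders as a YAML string.
# -------------------------------------------------------------
# This is the service account used by the Coherence Operator.
# Every binding in this file names this account as its subject,
# so a pod running under it holds all of the permissions below.
# -------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ default "coherence-operator" .Values.serviceAccountName | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
---
{{- if .Values.clusterRoles }}
# -------------------------------------------------------------
# This is the Cluster Role required by the Coherence Operator
# to self-manage its CRDs and Web-Hooks.
#
# NOTE(review): the rules carry no resourceNames, so they cover
# every CustomResourceDefinition and every admission webhook
# configuration in the cluster, not only the operator's own.
# create cannot be limited by resourceNames, but delete/get/update
# can; consider narrowing them if the object names are fixed.
# -------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: coherence-operator-crd-webhook-install
  # ClusterRole is cluster-scoped; this field does not limit where the rules apply.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
rules:
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
      - delete
      - get
      - update
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - mutatingwebhookconfigurations
      - validatingwebhookconfigurations
    verbs:
      - create
      - delete
      - get
      - update
      - watch
---
# --------------------------------------------------------------------
# This is the Cluster Role binding required by the Coherence Operator
# to self-manage its CRDs and Web-Hooks.
# --------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: coherence-operator-crd-webhook-install
  # ClusterRoleBinding is cluster-scoped; the grant is cluster-wide.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: coherence-operator-crd-webhook-install
subjects:
  - kind: ServiceAccount
    name: {{ default "coherence-operator" .Values.serviceAccountName | quote }}
    namespace: {{ .Release.Namespace | quote }}
---
{{- end }}
{{- if or (eq .Values.clusterRoles true) (eq .Values.nodeRoles true) }}
# -------------------------------------------------------------
# This is the Cluster Role required by the Coherence Operator
# to obtain Node information.
# Specifically the operator looks up Node labels to work out
# the topology information used by Coherence for site safety.
# The grant is read-only: get on nodes, nothing else.
# This guard compares against the boolean true, whereas the
# other guards in this file test truthiness.
# -------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: coherence-operator-node-viewer
  # ClusterRole is cluster-scoped; this field does not limit where the rules apply.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
---
# ---------------------------------------------------------------------
# This is the Cluster Role binding required by the Coherence Operator
# to obtain Node information.
# Specifically the operator looks up Node labels to work out
# the topology information used by Coherence for site safety.
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: coherence-operator-node-viewer
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: coherence-operator-node-viewer
subjects:
  - kind: ServiceAccount
    name: {{ default "coherence-operator" .Values.serviceAccountName | quote }}
    namespace: {{ .Release.Namespace | quote }}
---
{{- end }}
# ---------------------------------------------------------------------
# This is the role required by the Coherence Operator during
# normal operation to manage Coherence clusters. It renders as a
# ClusterRole when .Values.clusterRoles is truthy and as a namespaced
# Role in the release namespace otherwise.
#
# NOTE(review): as a ClusterRole the first rule grants full
# read/write on secrets and on pods/exec in every namespace, so the
# operator's service account token is equivalent to cluster-wide
# secret access. Prefer clusterRoles=false where the operator only
# has to manage one namespace.
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.clusterRoles }}
kind: ClusterRole
{{- else }}
kind: Role
{{- end }}
metadata:
  name: coherence-operator
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
rules:
  # One verb list is shared by all core resources below, including secrets.
  # NOTE(review): pods/exec is a subresource that normally only needs
  # create (and get); the wider verbs look unnecessary for it - confirm
  # against the operator before trimming.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - events
      - pods
      - pods/exec
      - secrets
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - statefulsets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # The operator's own custom resources, with their finalizers and status.
  - apiGroups:
      - coherence.oracle.com
    resources:
      - coherence
      - coherence/finalizers
      - coherence/status
      - coherencejob
      - coherencejob/finalizers
      - coherencejob/status
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - cert-manager.io
    resources:
      - certificates
      - issuers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
---
# ---------------------------------------------------------------------
# This is the binding required by the Coherence Operator during normal
# operation to manage Coherence clusters. Its kind and its roleRef kind
# follow the same .Values.clusterRoles switch as the role it references.
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.clusterRoles }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
metadata:
  name: coherence-operator
  namespace: {{ .Release.Namespace | quote }}
  labels:
    control-plane: coherence
roleRef:
  apiGroup: rbac.authorization.k8s.io
{{- if .Values.clusterRoles }}
  kind: ClusterRole
{{- else }}
  kind: Role
{{- end }}
  name: coherence-operator
subjects:
  - kind: ServiceAccount
    name: {{ default "coherence-operator" .Values.serviceAccountName | quote }}
    namespace: {{ .Release.Namespace | quote }}
---
# ---------------------------------------------------------------------
# This is the Role required by the Coherence Operator
# during normal operation to perform leader election.
# The namespace is set explicitly, like every other object in this
# file, so the Role lands next to the service account it is bound to
# even when the rendered manifest is applied without a namespace flag.
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader-election-role
  namespace: {{ .Release.Namespace | quote }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# ---------------------------------------------------------------------
# This is the Role binding required by the Coherence Operator
# during normal operation to perform leader election.
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: leader-election-rolebinding
  namespace: {{ .Release.Namespace | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: leader-election-role
subjects:
  - kind: ServiceAccount
    name: {{ default "coherence-operator" .Values.serviceAccountName | quote }}
    namespace: {{ .Release.Namespace | quote }}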