istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/istio-operator/templates/clusterrole.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/istio-operator/templates/clusterrole.yaml (about)

     1  apiVersion: rbac.authorization.k8s.io/v1
     2  kind: ClusterRole
     3  metadata:
     4    creationTimestamp: null
     5    name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
     6  rules:
     7  # istio groups
     8  - apiGroups:
     9    - authentication.istio.io
    10    resources:
    11    - '*'
    12    verbs:
    13    - '*'
    14  - apiGroups:
    15    - config.istio.io
    16    resources:
    17    - '*'
    18    verbs:
    19    - '*'
    20  - apiGroups:
    21    - install.istio.io
    22    resources:
    23    - '*'
    24    verbs:
    25    - '*'
    26  - apiGroups:
    27    - networking.istio.io
    28    resources:
    29    - '*'
    30    verbs:
    31    - '*'
    32  - apiGroups:
    33    - security.istio.io
    34    resources:
    35    - '*'
    36    verbs:
    37    - '*'
    38  - apiGroups:
    39    - telemetry.istio.io
    40    resources:
    41    - '*'
    42    verbs:
    43    - '*'
    44  - apiGroups:
    45    - extensions.istio.io
    46    resources:
    47    - '*'
    48    verbs:
    49    - '*'
    50  # k8s groups
    51  - apiGroups:
    52    - admissionregistration.k8s.io
    53    resources:
    54    - mutatingwebhookconfigurations
    55    - validatingwebhookconfigurations
    56    verbs:
    57    - '*'
    58  - apiGroups:
    59    - apiextensions.k8s.io
    60    resources:
    61    - customresourcedefinitions.apiextensions.k8s.io
    62    - customresourcedefinitions
    63    verbs:
    64    - '*'
    65  - apiGroups:
    66    - apps
    67    - extensions
    68    resources:
    69    - daemonsets
    70    - deployments
    71    - deployments/finalizers
    72    - replicasets
    73    verbs:
    74    - '*'
    75  - apiGroups:
    76    - autoscaling
    77    resources:
    78    - horizontalpodautoscalers
    79    verbs:
    80    - '*'
    81  - apiGroups:
    82    - monitoring.coreos.com
    83    resources:
    84    - servicemonitors
    85    verbs:
    86    - get
    87    - create
    88    - update
    89  - apiGroups:
    90    - policy
    91    resources:
    92    - poddisruptionbudgets
    93    verbs:
    94    - '*'
    95  - apiGroups:
    96    - rbac.authorization.k8s.io
    97    resources:
    98    - clusterrolebindings
    99    - clusterroles
   100    - roles
   101    - rolebindings
   102    verbs:
   103    - '*'
   104  - apiGroups:
   105    - coordination.k8s.io
   106    resources:
   107    - leases
   108    verbs:
   109    - get
   110    - create
   111    - update
   112  - apiGroups:
   113    - ""
   114    resources:
   115    - configmaps
   116    - endpoints
   117    - events
   118    - namespaces
   119    - pods
   120    - pods/proxy
   121    - pods/portforward
   122    - persistentvolumeclaims
   123    - secrets
   124    - services
   125    - serviceaccounts
   126    - resourcequotas
   127    verbs:
   128    - '*'
   129  ---