zitadel-k8s-operator/ops/chart/templates/manager-rbac.yaml
Haim Kortovich a6bfad68ba fix required
[ZITADOPER-10]
2025-04-02 16:28:20 -05:00


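# ClusterRole for the operator's controller manager.
# It is attached through the ClusterRoleBinding defined later in this template,
# so every rule below applies in all namespaces, not only the release namespace.
# The holder of the manager's ServiceAccount token should be treated as highly
# privileged: see the notes on secrets, RBAC objects and CSR approval below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "zitadel-k8s-operator.fullname" . }}-manager-role
  labels:
  {{- include "zitadel-k8s-operator.labels" . | nindent 4 }}
rules:
# Core config and endpoint objects.
# NOTE(review): endpoints/restricted is not a core Kubernetes subresource; it
# appears to be the OpenShift permission for writing restricted endpoint
# addresses - confirm it is actually needed.
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - endpoints/restricted
  verbs:
  - create
  - get
  - list
  - patch
  - watch
# Core objects the operator creates and reconciles.
# Security note: `list` and `watch` on secrets return full Secret objects, so
# this rule lets the manager read every Secret in the cluster even though `get`
# is not listed. If the controllers only need Secrets in namespaces they
# manage, granting this through namespaced RoleBindings would narrow the
# exposure - TODO confirm against the controllers.
- apiGroups:
  - ""
  resources:
  - events
  - secrets
  - serviceaccounts
  - services
  verbs:
  - create
  - list
  - patch
  - watch
# Targeted pod access only (no list/watch); presumably used to restart
# specific pods - verify against the controllers.
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - delete
  - get
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - create
  - list
  - patch
  - watch
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# CertificateSigningRequest lifecycle.
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
# Updating the approval subresource is how a CSR is approved or denied.
# Kubernetes additionally requires the `approve` verb on the `signers`
# resource for the requested signerName, which this role does not grant.
# NOTE(review): confirm whether that permission is granted elsewhere, and keep
# it scoped to specific signer names if it is.
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests/approval
  verbs:
  - update
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - create
  - list
  - patch
  - watch
# CloudNativePG clusters: full lifecycle, plus finalizers and status.
- apiGroups:
  - postgresql.cnpg.io
  resources:
  - clusters
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - postgresql.cnpg.io
  resources:
  - clusters/finalizers
  verbs:
  - update
- apiGroups:
  - postgresql.cnpg.io
  resources:
  - clusters/status
  verbs:
  - get
  - patch
  - update
# Security note: the manager can create and patch Roles, RoleBindings and
# ClusterRoleBindings. `bind` and `escalate` are not granted in this role, so
# the API server's escalation check should limit what it can hand out to
# permissions the manager already holds - which includes the cluster-wide
# Secret access above. Audit-log writes to these resources by this
# ServiceAccount.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  - rolebindings
  - roles
  verbs:
  - create
  - list
  - patch
  - watch
# The operator's own custom resources: full lifecycle.
- apiGroups:
  - zitadel.topmanage.com
  resources:
  - actions
  - apiapps
  - flows
  - machineusers
  - oidcapps
  - organizations
  - projects
  - zitadelclusters
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Finalizer updates on the operator's custom resources.
- apiGroups:
  - zitadel.topmanage.com
  resources:
  - actions/finalizers
  - apiapps/finalizers
  - flows/finalizers
  - machineusers/finalizers
  - oidcapps/finalizers
  - organizations/finalizers
  - projects/finalizers
  - zitadelclusters/finalizers
  verbs:
  - update
# Status subresource access on the operator's custom resources.
- apiGroups:
  - zitadel.topmanage.com
  resources:
  - actions/status
  - apiapps/status
  - flows/status
  - machineusers/status
  - oidcapps/status
  - organizations/status
  - projects/status
  - zitadelclusters/status
  verbs:
  - get
  - patch
  - update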
---
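# Binds the manager ClusterRole to the controller-manager ServiceAccount in the
# release namespace. Because this is a ClusterRoleBinding rather than a
# namespaced RoleBinding, the role's rules take effect in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "zitadel-k8s-operator.fullname" . }}-manager-rolebinding
  labels:
    app.kubernetes.io/component: rbac
    # NOTE(review): created-by / part-of are the literal value `src`, which
    # looks like scaffold output - confirm this is intended.
    app.kubernetes.io/created-by: src
    app.kubernetes.io/part-of: src
  {{- include "zitadel-k8s-operator.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: '{{ include "zitadel-k8s-operator.fullname" . }}-manager-role'
subjects:
# Only this one ServiceAccount is a subject; anything that can run pods as it
# or read its token in the release namespace inherits the ClusterRole.
- kind: ServiceAccount
  name: '{{ include "zitadel-k8s-operator.fullname" . }}-controller-manager'
  namespace: '{{ .Release.Namespace }}'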