diff options
author | Todd Malsbary <todd.malsbary@intel.com> | 2021-06-04 14:24:56 -0700 |
---|---|---|
committer | Todd Malsbary <todd.malsbary@intel.com> | 2021-06-15 14:42:16 -0700 |
commit | a99aa8015594cbfd9d46bbc8313f72321a95cc1f (patch) | |
tree | 85cba2e3b9a947d18b159cd19114a5357ed70d8e /kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml | |
parent | dc925231a978d1ae4dce969cb4c386d4a1b0bb87 (diff) |
Add kubevirt and cdi addon helm charts
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I6ba134140f0aca6717c656ffa35c6576426a8b98
Diffstat (limited to 'kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml')
-rw-r--r-- | kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..3f813e58 --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml @@ -0,0 +1,203 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cdi-operator-cluster + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + operator.cdi.kubevirt.io: "" +rules: +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - '*' +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - create +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - cdi.kubevirt.io + - upload.cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - '*' +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get +- apiGroups: + - cdi.kubevirt.io + resources: + - datavolumes + verbs: + - list + - get +- apiGroups: + - cdi.kubevirt.io + resources: + - cdis + verbs: + - get +- apiGroups: + - cdi.kubevirt.io + resources: + - cdis/finalizers + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - volumesnapshots + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims/finalizers + - pods/finalizers + - volumesnapshots/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list + - watch +- apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch +- apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get |