aboutsummaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml')
-rw-r--r--kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml203
1 files changed, 203 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml
new file mode 100644
index 00000000..3f813e58
--- /dev/null
+++ b/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml
@@ -0,0 +1,203 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cdi-operator-cluster
+ labels:
+ {{- include "cdi-operator.labels" . | nindent 4 }}
+ operator.cdi.kubevirt.io: ""
+rules:
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - '*'
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - cdi.kubevirt.io
+ - upload.cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - '*'
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - '*'
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datavolumes
+ verbs:
+ - list
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdis
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdis/finalizers
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ - persistentvolumeclaims
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/finalizers
+ - pods/finalizers
+ - volumesnapshots/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - proxies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get