aboutsummaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml')
-rw-r--r--kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml107
1 files changed, 107 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml
new file mode 100644
index 00000000..96fae762
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml
@@ -0,0 +1,107 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - apps
+ resourceNames:
+ - sriov-network-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - serviceaccounts
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - '*'
+- apiGroups:
+ - sriovnetwork.openshift.io
+ resources:
+ - '*'
+ - sriovnetworknodestates
+ verbs:
+ - '*'
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: operator-webhook-sa
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get