1 files changed, 115 insertions, 2 deletions

diff --git a/kubernetes/common/serviceAccount/values.yaml b/kubernetes/common/serviceAccount/values.yaml
index 4c9f75f38d..5d20e45f58 100644
--- a/kubernetes/common/serviceAccount/values.yaml
+++ b/kubernetes/common/serviceAccount/values.yaml
@@ -22,8 +22,8 @@ global:
 # if "createDefaultRoles=false"
 roles:
   - nothing
-# - read
-# - create
+  # - read
+  # - create
 
 # Flag to enable the creation of default roles instead of using
 # common roles-wrapper
@@ -43,3 +43,116 @@ new_roles_definitions: {}
 #        - "get"
 #        - "watch"
 #        - "list"
+
+role:
+  read:
+    - apiGroups:
+      - "" # "" indicates the core API group
+      resources:
+      - services
+      - pods
+      - endpoints
+      verbs:
+      - get
+      - watch
+      - list
+    - apiGroups:
+      - batch
+      resources:
+      - jobs
+      verbs:
+      - get
+      - watch
+      - list
+    - apiGroups:
+      - batch
+      resources:
+      - jobs/status
+      verbs:
+      - get
+    - apiGroups:
+      - apps
+      resources:
+      - statefulsets
+      - replicasets
+      - deployments
+      - statefulsets
+      - daemonsets
+      verbs:
+      - get
+      - watch
+      - list
+    - apiGroups:
+      - apps
+      resources:
+      - replicasets/status
+      - deployments/status
+      - statefulsets/status
+      verbs:
+      - get
+  create:
+    - apiGroups:
+      - "" # "" indicates the core API group
+      - apps
+      - batchs
+      - extensions
+      resources:
+      - pods
+      - deployments
+      - deployments/status
+      - jobs
+      - jobs/status
+      - statefulsets
+      - replicasets
+      - replicasets/status
+      - daemonsets
+      - secrets
+      - services
+      verbs:
+      - get
+      - watch
+      - list
+    - apiGroups:
+      - "" # "" indicates the core API group
+      - apps
+      resources:
+      - statefulsets
+      - configmaps
+      verbs:
+      - patch
+    - apiGroups:
+      - "" # "" indicates the core API group
+      - apps
+      resources:
+      - deployments
+      - secrets
+      - services
+      - pods
+      verbs:
+      - create
+    - apiGroups:
+      - "" # "" indicates the core API group
+      - apps
+      resources:
+      - pods
+      - persistentvolumeclaims
+      - secrets
+      - deployments
+      - services
+      verbs:
+      - delete
+    - apiGroups:
+      - "" # "" indicates the core API group
+      - apps
+      resources:
+      - pods/exec
+      verbs:
+      - create
+      - get
+    - apiGroups:
+      - cert-manager.io
+      resources:
+      - certificates
+      verbs:
+      - create
+      - delete