
Commit 95eb5c7

committed
fix: rbac rules
1 parent 93f6074 commit 95eb5c7


1 file changed

+25
-29
lines changed


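--- a/charts/apl-operator/templates/rbac.yaml
+++ b/charts/apl-operator/templates/rbac.yaml
@@ -119,37 +119,9 @@ kind: ClusterRole
 metadata:
 name: apl-operator-crds
 rules:
-# Required for applying the Prometheus CRDs
 - apiGroups: ["apiextensions.k8s.io"]
 resources: ["customresourcedefinitions"]
-verbs: ["get", "create", "update", "patch"]
-resourceNames:
-- "alertmanagerconfigs.monitoring.coreos.com"
-- "alertmanagers.monitoring.coreos.com"
-- "podmonitors.monitoring.coreos.com"
-- "probes.monitoring.coreos.com"
-- "prometheuses.monitoring.coreos.com"
-- "prometheusrules.monitoring.coreos.com"
-- "servicemonitors.monitoring.coreos.com"
-- "thanosrulers.monitoring.coreos.com"
-
-# Required for applying Tekton Triggers CRDs
-- apiGroups: ["apiextensions.k8s.io"]
-resources: ["customresourcedefinitions"]
-verbs: ["get", "create", "update", "patch"]
-resourceNames:
-- "clusterinterceptors.triggers.tekton.dev"
-- "clustertriggerbindings.triggers.tekton.dev"
-- "eventlisteners.triggers.tekton.dev"
-- "interceptors.triggers.tekton.dev"
-- "triggers.triggers.tekton.dev"
-- "triggerbindings.triggers.tekton.dev"
-- "triggertemplates.triggers.tekton.dev"
-
-# For listing CRDs (needed to check existence)
-- apiGroups: ["apiextensions.k8s.io"]
-resources: ["customresourcedefinitions"]
-verbs: ["list"]
+verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -163,3 +135,27 @@ roleRef:
 kind: ClusterRole
 name: apl-operator-crds
 apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: apl-operator-configmap-manager
+namespace: otomi
+rules:
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: apl-operator-configmap-manager-binding
+namespace: otomi
+subjects:
+- kind: ServiceAccount
+name: apl-operator
+namespace: apl-operator
+roleRef:
+kind: Role
+name: apl-operator-configmap-manager
+apiGroup: rbac.authorization.k8s.io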
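Review bot: The rewritten `apl-operator-crds` rule (new line 124) drops `resourceNames` and adds `delete`, so whichever subject the ClusterRoleBinding names can now change or delete every CustomResourceDefinition in the cluster, and deleting a CRD also removes all custom resources of that kind. Only `create` and unfiltered `list`/`watch` cannot be restricted by `resourceNames`, which is presumably why the old scoped rules failed. Those verbs can sit in their own rule, with `get`/`update`/`patch` kept limited to the Prometheus and Tekton Triggers CRD names the removed rules listed. `delete` is best left out unless the operator really removes CRDs, and each rule deserves a comment saying why it is needed, as the removed rules had. The new `apl-operator-configmap-manager` Role likewise grants every verb on all ConfigMaps in `otomi`; if the operator manages a known set of them, `resourceNames` on the non-create verbs would narrow that too.

```yaml
rules:
  # create cannot be limited by resourceNames; list/watch are used to check CRD existence
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create", "list", "watch"]
  # Reads and in-place changes stay limited to the CRDs the operator applies
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "update", "patch"]
    resourceNames:
      - "alertmanagerconfigs.monitoring.coreos.com"
      - "alertmanagers.monitoring.coreos.com"
      - "podmonitors.monitoring.coreos.com"
      - "probes.monitoring.coreos.com"
      - "prometheuses.monitoring.coreos.com"
      - "prometheusrules.monitoring.coreos.com"
      - "servicemonitors.monitoring.coreos.com"
      - "thanosrulers.monitoring.coreos.com"
      - "clusterinterceptors.triggers.tekton.dev"
      - "clustertriggerbindings.triggers.tekton.dev"
      - "eventlisteners.triggers.tekton.dev"
      - "interceptors.triggers.tekton.dev"
      - "triggers.triggers.tekton.dev"
      - "triggerbindings.triggers.tekton.dev"
      - "triggertemplates.triggers.tekton.dev"
```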
