deploy-templates/templates/clusterrole_openshift.yaml (61 lines of code) (raw):
{{ if eq .Values.global.platform "openshift" }}
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
metadata:
annotations:
openshift.io/description: Role for {{ .Values.operator.serviceAccountName }}-edp service account
openshift.io/reconcile-protect: "false"
name: edp-{{ include "controlPlaneConsole.name" .}}-clusterrole-{{ .Release.Namespace }}
rules:
- apiGroups:
- '*'
attributeRestrictions: null
resources:
- configmaps
- secrets
verbs:
- get
- apiGroups:
- '*'
attributeRestrictions: null
resources:
- gerritprojects
- gerritmergerequests
- gerritmergerequests/status
verbs:
- list
- get
- create
- watch
- update
- delete
- apiGroups:
- '*'
attributeRestrictions: null
resources:
- securitycontextconstraints
verbs:
- create
- get
- list
- delete
- update
- apiGroups:
- '*'
attributeRestrictions: null
resources:
- adminconsoles
- adminconsoles/finalizers
- adminconsoles/status
- keycloaks
- keycloaks/status
- keycloakclients
- keycloakclients/finalizers
- keycloakclients/status
- keycloakrealms
- keycloakrealms/status
- edpcomponents
- rolebindings
verbs:
- '*'
{{ end }}