{{- if eq .Values.global.platform "openshift" -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: {{ .Release.Namespace }} labels: {{- include "edp-install.labels" . | nindent 4 }} name: edp-{{ .Release.Namespace }} rules: - apiGroups: - "" - network.openshift.io resources: - clusternetworks verbs: - list - apiGroups: - "*" resources: - namespaces verbs: - create - get - list - patch - apiGroups: - "" - network.openshift.io resources: - "" verbs: - get - list - apiGroups: - "" - network.openshift.io resources: - netnamespaces verbs: - get - update - apiGroups: - "" - image.openshift.io resources: - imagestreamimages - imagestreammappings - imagestreams verbs: - get - list - watch - apiGroups: - "" - image.openshift.io resources: - imagestreams/layers verbs: - get - apiGroups: - '*' resources: - clusterrolebindings verbs: - delete - apiGroups: - "*" resources: - templates verbs: - watch - apiGroups: - "*" resources: - buildconfigs - clusterrolebindings - clusterroles - configmaps - groups - imagestreams - jobs - namespaces - pods - pods/exec - pods/portforward - podsecuritypolicies - processedtemplates - projectrequests - projects - rolebindings - roles - routes - templates - users verbs: - get - list - create - patch - apiGroups: - '*' resources: - storageclasses verbs: - get - list - apiGroups: - '*' resources: - buildconfigs - configmaps - groups - imagestreams - jobs - podsecuritypolicies - routes - users verbs: - patch - update - apiGroups: - '*' resources: - securitycontextconstraints verbs: - create - delete - get - list - patch - update - apiGroups: - '*' resources: - jobs verbs: - delete - apiGroups: - '*' resources: - secrets verbs: - create - apiGroups: - '*' resourceNames: - admin-console-client - admin-console-db - gerrit-admin - gerrit-project-creator - jenkins-token - keycloak - keycloak-admin - keycloak-gerrit - keycloak-parameters - super-admin-db - vcs-autouser resources: - secrets verbs: - get - apiGroups: - "*" resourceNames: - edp-jenkins resources: - roles - rolebindings - clusterroles verbs: - patch - update - apiGroups: - '*' resources: - adminconsoles - adminconsoles/finalizers - adminconsoles/status - cdpipelines - cdpipelines/finalizers - cdpipelines/status - codebasebranches - codebasebranches/finalizers - codebasebranches/status - codebaseimagestreams - codebaseimagestreams/finalizers - codebaseimagestreams/status - codebases - codebases/finalizers - codebases/status - deployments/finalizers - deployments/finalizers.extensions - gerritreplicationconfigs - gerritreplicationconfigs/status - gerrits - gerrits/finalizers - gerrits/status - gitservers - gitservers/finalizers - gitservers/status - jenkins - jenkins/finalizers - jenkins/status - jenkinses - jenkinses/finalizers - jenkinses/status - jenkinsfolders - jenkinsfolders/finalizers - jenkinsfolders/status - jenkinsscripts - jenkinsscripts/finalizers - jenkinsscripts/status - jenkinsserviceaccounts - jenkinsserviceaccounts/finalizers - jenkinsserviceaccounts/status - jiraservers - jiraservers/finalizers - jiraservers/status - keycloakclients - keycloakclients/finalizers - keycloakclients/status - keycloakrealms - keycloakrealms/finalizers - keycloakrealms/status - keycloaks - keycloaks/finalizers - keycloaks/status - nexuses - nexuses/finalizers - nexuses/status - projectrequests - projects - projects/finalizers - projects/status - sonars - sonars/finalizers - sonars/status - stages - stages/finalizers - stages/status verbs: - '*' {{ end }}