helm-chart/flink-operator/templates/rbac.yaml

{{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: flink-operator-leader-election-role namespace: {{ .Values.flinkOperatorNamespace.name }} rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: flink-operator-manager-role rules: - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - deployments/status verbs: - get - apiGroups: - apps resources: - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - statefulsets/status verbs: - get - apiGroups: - apps resources: - controllerrevisions verbs: - get - list - watch - create - update - patch - delete - apiGroups: - batch resources: - jobs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - batch resources: - jobs/status verbs: - get - apiGroups: - "" resources: - configmaps verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - events verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - events/status verbs: - get - apiGroups: - "" resources: - persistentvolumeclaims verbs: - create - delete - get - list - patch - update - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - create - update - delete - get - list - watch - apiGroups: - policy resources: - poddisruptionbudgets/status verbs: - get - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - create - update - delete - get - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers/status verbs: - get - apiGroups: - "" resources: - pods verbs: - get - list - watch - apiGroups: - "" resources: - pods/status - pods/log verbs: - get - apiGroups: - "" resources: - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - services/status verbs: - get - apiGroups: - networking.k8s.io resources: - ingresses verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.k8s.io resources: - ingresses/status verbs: - get - apiGroups: - flinkoperator.k8s.io resources: - flinkclusters verbs: - create - delete - get - list - patch - update - watch - apiGroups: - flinkoperator.k8s.io resources: - flinkclusters/status verbs: - get - patch - update - apiGroups: - scheduling.volcano.sh resources: - podgroups verbs: - get - create - update - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: flink-operator-metrics-reader rules: - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: flink-operator-proxy-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: flink-operator-leader-election-rolebinding namespace: {{ .Values.flinkOperatorNamespace.name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: flink-operator-leader-election-role subjects: - kind: ServiceAccount name: {{ template "flink-operator.serviceAccountName" . }} namespace: {{ .Values.flinkOperatorNamespace.name }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: flink-operator-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flink-operator-manager-role subjects: - kind: ServiceAccount name: {{ template "flink-operator.serviceAccountName" . }} namespace: {{ .Values.flinkOperatorNamespace.name }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: flink-operator-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flink-operator-proxy-role subjects: - kind: ServiceAccount name: {{ template "flink-operator.serviceAccountName" . }} namespace: {{ .Values.flinkOperatorNamespace.name }} {{- end }}

helm-chart/flink-operator/templates/rbac.yaml (336 lines of code) (raw):