# # Copyright (c) 2019-2023 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ # # SPDX-License-Identifier: EPL-2.0 # # Contributors: # Red Hat, Inc. - initial API and implementation # kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: che-operator labels: app.kubernetes.io/name: che app.kubernetes.io/instance: che app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: che-operator rules: - apiGroups: - "" resources: - nodes verbs: - get - apiGroups: - oauth.openshift.io resources: - oauthclients verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - config.openshift.io resources: - oauths verbs: - get - list - watch - patch - apiGroups: - config.openshift.io resources: - infrastructures - proxies verbs: - get - list - watch - apiGroups: - user.openshift.io resources: - users verbs: - list - delete - apiGroups: - user.openshift.io resources: - groups verbs: - get - apiGroups: - user.openshift.io resources: - identities verbs: - delete - apiGroups: - console.openshift.io resources: - consolelinks verbs: - get - list - create - update - patch - delete - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - clusterroles - roles - rolebindings verbs: - list - create - watch - update - get - delete - apiGroups: - authorization.openshift.io resources: - roles - rolebindings verbs: - get - create - update - delete - apiGroups: - org.eclipse.che resources: - checlusters - checlusters/status - checlusters/finalizers - checlusters/status verbs: - '*' - apiGroups: - project.openshift.io resources: - projectrequests verbs: - create - update - apiGroups: - project.openshift.io resources: - projects verbs: - get - list - watch - create - update - apiGroups: - "" resources: - namespaces verbs: - get - list - create - update - watch - apiGroups: - '' resources: - pods/exec verbs: - create - get - apiGroups: - apps resources: - secrets verbs: - list - apiGroups: - '' resources: - secrets verbs: - list - get - create - update - patch - delete - apiGroups: - '' resources: - persistentvolumeclaims verbs: - create - get - list - watch - delete - apiGroups: - '' resources: - pods verbs: - get - list - create - watch - delete - apiGroups: - apps - extensions resources: - deployments - replicasets verbs: - '*' - apiGroups: - route.openshift.io resources: - routes verbs: - '*' - apiGroups: - route.openshift.io resources: - routes/custom-host verbs: - create - apiGroups: - '' resources: - events verbs: - list - watch - apiGroups: - apps resources: - replicasets verbs: - list - get - patch - delete - apiGroups: - extensions resources: - ingresses verbs: - '*' - apiGroups: - networking.k8s.io resources: - ingresses verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - create - update - apiGroups: - operators.coreos.com resources: - subscriptions verbs: - get - apiGroups: - operators.coreos.com resources: - clusterserviceversions verbs: - list - get - watch - apiGroups: - metrics.k8s.io resources: - pods - nodes verbs: - get - list - watch - apiGroups: - cert-manager.io resources: - issuers - certificates verbs: - create - get - list - update - apiGroups: - '' resources: - configmaps - persistentvolumeclaims - pods - secrets - serviceaccounts - services verbs: - '*' - apiGroups: - apps resourceNames: - che-operator resources: - deployments/finalizers verbs: - update - apiGroups: - batch resources: - jobs verbs: - create - delete - get - update - watch - list - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - create - get - nonResourceURLs: - /metrics verbs: - get - apiGroups: - che.eclipse.org resources: - kubernetesimagepullers verbs: - '*' - apiGroups: - config.openshift.io resources: - consoles resourceNames: - cluster verbs: - get - apiGroups: - '' resources: - pods/log verbs: - get - list - watch - apiGroups: - workspace.devfile.io resources: - devworkspaces - devworkspacetemplates verbs: - get - list - watch - create - delete - patch - update - apiGroups: - controller.devfile.io resources: - devworkspaceroutings - devworkspaceoperatorconfigs verbs: - get - list - watch - create - delete - patch - update - apiGroups: - controller.devfile.io resources: - devworkspaceroutings/finalizers verbs: - update - apiGroups: - controller.devfile.io resources: - devworkspaceroutings/status verbs: - get - patch - update - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - security.openshift.io resources: - securitycontextconstraints verbs: - get - create - delete - update - use - apiGroups: - "" resources: - limitranges verbs: - list