seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-operator/deploy/cluster_role.yaml

734 lines
12 KiB
YAML
Raw Blame History

#
# Copyright (c) 2012-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: che-operator
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/component: che-operator
rules:
### CHE-OPERATOR ROLES ONLY: BEGIN
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- get
- delete
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- update
- patch
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
verbs:
- get
- create
- delete
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
verbs:
- get
- create
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
- projectrequests
verbs:
- create
- update
- apiGroups:
- project.openshift.io
resources:
- projects
verbs:
- get
- list
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- create
- update
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- get
- create
- watch
- apiGroups:
- ''
resources:
- pods/exec
verbs:
- create
- apiGroups:
- apps
resources:
- secrets
verbs:
- list
- apiGroups:
- ''
resources:
- secrets
verbs:
- list
- get
- create
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- create
- patch
- watch
- delete
- apiGroups:
- ''
resources:
- services
verbs:
- list
- create
- delete
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- create
- delete
- list
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- list
- create
- delete
- apiGroups:
- ''
resources:
- events
verbs:
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- create
- watch
- get
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
### CHE-OPERATOR ROLES ONLY: END
# devworkspace-controller-view-workspaces.ClusterRole.yaml
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch
# devworkspace-controller-edit-workspaces.ClusterRole.yaml
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- create
- delete
- deletecollection
- patch
- update
# devworkspace-controller-leader-election-role.Role.yaml
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
# devworkspace-controller-proxy-role.ClusterRole.yaml
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
# devworkspace-controller-role.ClusterRole.yaml
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resourceNames:
- devworkspace-controller
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- controller.devfile.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiGroups:
- workspace.devfile.io
resources:
- '*'
verbs:
- '*'
# devworkspace-controller-view-workspaces.ClusterRole.yaml
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch
# devworkspace-che-role.ClusterRole.yaml
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- devworkspace-che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- configmap
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
# devworkspace-che-metrics-reader.ClusterRole.yaml
- nonResourceURLs:
- /metrics
verbs:
- get
Reference in New Issue View Git Blame Copy Permalink