role.yaml

Documentation: edge-infra.dev/config/pallets/f8n/pinitctl

     1apiVersion: rbac.authorization.k8s.io/v1
     2kind: ClusterRole
     3metadata:
     4  name: pinitctl
     5rules:
     6- resources:
     7  - configmaps
     8  - secrets
     9  apiGroups:
    10  - ""
    11  verbs:
    12  - create
    13  - delete
    14  - get
    15  - list
    16  - patch
    17  - update
    18  - watch
    19- resources:
    20  - computefirewalls
    21  - computerouternats
    22  - computerouters
    23  - computesslpolicies
    24  apiGroups:
    25  - compute.cnrm.cloud.google.com
    26  verbs:
    27  - create
    28  - delete
    29  - get
    30  - list
    31  - patch
    32  - update
    33  - watch
    34- resources:
    35  - computefirewalls/status
    36  - computerouternats/status
    37  - computerouters/status
    38  - computesslpolicies/status
    39  apiGroups:
    40  - compute.cnrm.cloud.google.com
    41  verbs:
    42  - get
    43- resources:
    44  - computenetworks
    45  apiGroups:
    46  - compute.cnrm.cloud.google.com
    47  verbs:
    48  - create
    49  - delete
    50  - get
    51  - list
    52  - patch
    53  - update
    54  - watch
    55- resources:
    56  - computenetworks/status
    57  apiGroups:
    58  - compute.cnrm.cloud.google.com
    59  verbs:
    60  - get
    61  - watch
    62- resources:
    63  - iampolicymembers
    64  - iamserviceaccountkeys
    65  - iamserviceaccounts
    66  apiGroups:
    67  - iam.cnrm.cloud.google.com
    68  verbs:
    69  - create
    70  - delete
    71  - get
    72  - list
    73  - patch
    74  - update
    75  - watch
    76- resources:
    77  - iampolicymembers/status
    78  - iamserviceaccountkeys/status
    79  - iamserviceaccounts/status
    80  apiGroups:
    81  - iam.cnrm.cloud.google.com
    82  verbs:
    83  - get
    84  - watch
    85- resources:
    86  - projects
    87  apiGroups:
    88  - resourcemanager.cnrm.cloud.google.com
    89  verbs:
    90  - get
    91  - list
    92  - watch
    93- resources:
    94  - projects/status
    95  apiGroups:
    96  - resourcemanager.cnrm.cloud.google.com
    97  verbs:
    98  - get
    99  - watch
   100- resources:
   101  - secretmanagersecrets
   102  - secretmanagersecretversions
   103  apiGroups:
   104  - secretmanager.cnrm.cloud.google.com
   105  verbs:
   106  - create
   107  - delete
   108  - get
   109  - list
   110  - patch
   111  - update
   112  - watch
   113- resources:
   114  - secretmanagersecrets/status
   115  - secretmanagersecretversions/status
   116  apiGroups:
   117  - secretmanager.cnrm.cloud.google.com
   118  verbs:
   119  - get
   120  - list
   121  - watch
View as plain text