1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15
16---
17apiVersion: rbac.authorization.k8s.io/v1
18kind: ClusterRole
19metadata:
20 creationTimestamp: null
21 name: manager-role
22rules:
23- apiGroups:
24 - ""
25 resources:
26 - configmaps
27 - events
28 - events
29 - namespaces
30 - secrets
31 - serviceaccounts
32 - services
33 verbs:
34 - create
35 - delete
36 - get
37 - list
38 - patch
39 - update
40 - watch
41- apiGroups:
42 - ""
43 resources:
44 - pods
45 verbs:
46 - get
47 - list
48 - watch
49- apiGroups:
50 - admissionregistration.k8s.io
51 resources:
52 - mutatingwebhookconfigurations
53 - validatingwebhookconfigurations
54 verbs:
55 - create
56 - delete
57 - get
58 - list
59 - patch
60 - update
61 - watch
62- apiGroups:
63 - apiextensions.k8s.io
64 resources:
65 - customresourcedefinitions
66 verbs:
67 - create
68 - delete
69 - get
70 - list
71 - patch
72 - update
73 - watch
74- apiGroups:
75 - apps
76 resources:
77 - deployments
78 verbs:
79 - create
80 - delete
81 - get
82 - list
83 - patch
84 - update
85 - watch
86- apiGroups:
87 - apps
88 resources:
89 - statefulsets
90 verbs:
91 - create
92 - delete
93 - get
94 - list
95 - patch
96 - update
97 - watch
98 - deletecollection
99- apiGroups:
100 - core.cnrm.cloud.google.com
101 resources:
102 - configconnectors
103 - configconnectorcontexts
104 verbs:
105 - create
106 - delete
107 - get
108 - list
109 - patch
110 - update
111 - watch
112- apiGroups:
113 - core.cnrm.cloud.google.com
114 resources:
115 - configconnectors/status
116 - configconnectorcontexts/status
117 verbs:
118 - get
119 - patch
120 - update
121- apiGroups:
122 - core.cnrm.cloud.google.com
123 resources:
124 - configconnectors/finalizers
125 verbs:
126 - update
127- apiGroups:
128 - customize.core.cnrm.cloud.google.com
129 resources:
130 - controllerresources
131 verbs:
132 - create
133 - delete
134 - get
135 - list
136 - patch
137 - update
138 - watch
139- apiGroups:
140 - customize.core.cnrm.cloud.google.com
141 resources:
142 - controllerresources/status
143 verbs:
144 - get
145 - patch
146 - update
147- apiGroups:
148 - rbac.authorization.k8s.io
149 resources:
150 - clusterrolebindings
151 - rolebindings
152 verbs:
153 - create
154 - delete
155 - get
156 - list
157 - patch
158 - update
159 - watch
160- apiGroups:
161 - rbac.authorization.k8s.io
162 resources:
163 - clusterroles
164 - roles
165 verbs:
166 - create
167 - delete
168 - escalate
169 - get
170 - list
171 - patch
172 - update
173 - watch
174- apiGroups:
175 - rbac.authorization.k8s.io
176 resources:
177 - clusterroles
178 verbs:
179 - bind
180 resourceNames:
181 - cnrm-admin
182 - cnrm-manager-cluster-role
183 - cnrm-manager-ns-role
184 - cnrm-recorder-role
185 - cnrm-webhook-role
186- apiGroups:
187 - autoscaling
188 resources:
189 - horizontalpodautoscalers
190 verbs:
191 - create
192 - delete
193 - get
194 - list
195 - patch
196 - update
197 - watchView as plain text