| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: gerrit-operator |
| namespace: gerrit-operator |
| |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| name: gerrit-operator-admin |
| subjects: |
| - kind: ServiceAccount |
| name: gerrit-operator |
| namespace: gerrit-operator |
| roleRef: |
| kind: ClusterRole |
| name: gerrit-operator |
| apiGroup: "" |
| |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| name: gerrit-operator |
| rules: |
| - apiGroups: |
| - "batch" |
| resources: |
| - cronjobs |
| verbs: |
| - '*' |
| - apiGroups: |
| - "apps" |
| resources: |
| - statefulsets |
| - deployments |
| verbs: |
| - '*' |
| - apiGroups: |
| - "" |
| resources: |
| - configmaps |
| - persistentvolumeclaims |
| - secrets |
| - services |
| verbs: |
| - '*' |
| - apiGroups: |
| - "storage.k8s.io" |
| resources: |
| - storageclasses |
| verbs: |
| - 'get' |
| - 'list' |
| - apiGroups: |
| - "apiextensions.k8s.io" |
| resources: |
| - customresourcedefinitions |
| verbs: |
| - '*' |
| - apiGroups: |
| - "networking.k8s.io" |
| resources: |
| - ingresses |
| verbs: |
| - '*' |
| - apiGroups: |
| - "gerritoperator.google.com" |
| resources: |
| - '*' |
| verbs: |
| - '*' |
| - apiGroups: |
| - "networking.istio.io" |
| resources: |
| - "gateways" |
| - "virtualservices" |
| - "destinationrules" |
| verbs: |
| - '*' |
| - apiGroups: |
| - "admissionregistration.k8s.io" |
| resources: |
| - 'validatingwebhookconfigurations' |
| verbs: |
| - '*' |