operator/k8s/operator/rbac.yaml - k8s-gerrit - Git at Google

 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: gerrit-operator
   namespace: gerrit-operator

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: gerrit-operator-admin
 subjects:
 - kind: ServiceAccount
   name: gerrit-operator
   namespace: gerrit-operator
 roleRef:
   kind: ClusterRole
   name: gerrit-operator
   apiGroup: ""

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: gerrit-operator
 rules:
 - apiGroups:
   - "batch"
   resources:
   - cronjobs
   verbs:
   - '*'
 - apiGroups:
   - "apps"
   resources:
   - statefulsets
   - deployments
   verbs:
   - '*'
 - apiGroups:
   - ""
   resources:
   - configmaps
   - persistentvolumeclaims
   - secrets
   - services
   verbs:
   - '*'
 - apiGroups:
   - "storage.k8s.io"
   resources:
   - storageclasses
   verbs:
   - 'get'
   - 'list'
 - apiGroups:
   - "apiextensions.k8s.io"
   resources:
   - customresourcedefinitions
   verbs:
   - '*'
 - apiGroups:
   - "networking.k8s.io"
   resources:
   - ingresses
   verbs:
   - '*'
 - apiGroups:
   - "gerritoperator.google.com"
   resources:
   - '*'
   verbs:
   - '*'
 - apiGroups:
   - "networking.istio.io"
   resources:
   - "gateways"
   - "virtualservices"
   - "destinationrules"
   verbs:
   - '*'
 - apiGroups:
   - "admissionregistration.k8s.io"
   resources:
   - 'validatingwebhookconfigurations'
   verbs:
   - '*'
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: gerrit-operator
	namespace: gerrit-operator

	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: gerrit-operator-admin
	subjects:
	- kind: ServiceAccount
	name: gerrit-operator
	namespace: gerrit-operator
	roleRef:
	kind: ClusterRole
	name: gerrit-operator
	apiGroup: ""

	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: gerrit-operator
	rules:
	- apiGroups:
	- "batch"
	resources:
	- cronjobs
	verbs:
	- '*'
	- apiGroups:
	- "apps"
	resources:
	- statefulsets
	- deployments
	verbs:
	- '*'
	- apiGroups:
	- ""
	resources:
	- configmaps
	- persistentvolumeclaims
	- secrets
	- services
	verbs:
	- '*'
	- apiGroups:
	- "storage.k8s.io"
	resources:
	- storageclasses
	verbs:
	- 'get'
	- 'list'
	- apiGroups:
	- "apiextensions.k8s.io"
	resources:
	- customresourcedefinitions
	verbs:
	- '*'
	- apiGroups:
	- "networking.k8s.io"
	resources:
	- ingresses
	verbs:
	- '*'
	- apiGroups:
	- "gerritoperator.google.com"
	resources:
	- '*'
	verbs:
	- '*'
	- apiGroups:
	- "networking.istio.io"
	resources:
	- "gateways"
	- "virtualservices"
	- "destinationrules"
	verbs:
	- '*'
	- apiGroups:
	- "admissionregistration.k8s.io"
	resources:
	- 'validatingwebhookconfigurations'
	verbs:
	- '*'