Skip to content

Commit

Permalink
Cluster role with all minimal required RBAC grants to allow install M…
Browse files Browse the repository at this point in the history 
…inIO Operator
  • Loading branch information
@pjuarezd
pjuarezd committed Oct 17, 2024
1 parent 00f9e7e commit 86a1d24
Showing 1 changed file with 308 additions and 0 deletions.
308 changes: 308 additions & 0 deletions minio-operator-install-role.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,308 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: minio-operator-install-role
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- update
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
- nodes
verbs:
- create
- delete
- get
- watch
- list
- patch
- update
- apiGroups:
- ""
resources:
- pods
- pods/log
- services
- events
- configmaps
verbs:
- get
- watch
- create
- list
- delete
- deletecollection
- update
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- create
- update
- list
- delete
- patch
- deletecollection
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- daemonsets
- deployments/finalizers
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
- certificatesigningrequests/approval
- certificatesigningrequests/status
verbs:
- update
- create
- get
- delete
- list
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/legacy-unknown
- kubernetes.io/kube-apiserver-client
- kubernetes.io/kubelet-serving
- beta.eks.amazonaws.com/app-serving
resources:
- signers
verbs:
- approve
- sign
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- minio.min.io
- sts.min.io
- job.min.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- min.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- monitoring.coreos.com
resources:
- prometheuses
verbs:
- '*'
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
- delete
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- deletecollection
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- patch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- directpv.min.io
resources:
- directpvdrives
- directpvinitrequests
- directpvnodes
- directpvvolumes
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- csidrivers
- csinodes
- storageclasses
- volumeattachments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

- apiGroups:
- ""
resources:
- "pod"
verbs:
- "get"
- "list"
- "watch"
- apiGroups:
- ""
resources:
- "secret"
verbs:
- "get"
- "list"
- "watch"
- apiGroups:
- "apiextensions.k8s.io"
resources:
- "customresourcedefinition"
verbs:
- "create"
- "delete"
- "get"
- "list"
- "patch"
- "update"
- "watch"
- apiGroups:
- "directpv.min.io"
resources:
- "customresourcedefinitions"
verbs:
- "create"
- "delete"
- "get"
- "list"
- "patch"
- "update"
- "watch"

0 comments on commit 86a1d24

Please sign in to comment.