
Commit 6c585b3

committed
Constrain RBACs requested by OLM
Signed-off-by: Alexander Greene <[email protected]>
1 parent 7e8d77c commit 6c585b3


1 file changed

+114
-3
lines changed

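--- a/deploy/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml
+++ b/deploy/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml
@@ -3,11 +3,122 @@ kind: ClusterRole
 metadata:
 name: system:controller:operator-lifecycle-manager
 rules:
-- apiGroups: ["*"]
-resources: ["*"]
-verbs: ["*"]
 - nonResourceURLs: ["*"]
 verbs: ["*"]
+- apiGroups:
+- ""
+resources:
+- namespaces
+- pods
+- services
+- pods/status
+- configmaps
+- secrets
+- serviceaccounts
+verbs:
+- "*"
+- apiGroups:
+- autoscaling.k8s.io
+resources:
+- verticalpodautoscalers
+verbs:
+- "*"
+- apiGroups:
+- console.openshift.io
+resources:
+- consoleyamlsamples
+- consolequickstarts
+- consoleclidownloads
+- consolelinks
+verbs:
+- "*"
+- apiGroups:
+- admissionregistration.k8s.io
+resources:
+- mutatingwebhookconfigurations
+- validatingwebhookconfigurations
+verbs:
+- "*"
+- apiGroups:
+- apiextensions.k8s.io
+resources:
+- customresourcedefinitions
+verbs:
+- "*"
+- apiGroups:
+- apiregistration.k8s.io
+resources:
+- apiservices
+verbs:
+- "*"
+- apiGroups:
+- apps
+resources:
+- deployments
+verbs:
+- "*"
+- apiGroups:
+- batch
+resources:
+- jobs
+verbs:
+- "*"
+- apiGroups:
+- config.openshift.io
+resources:
+- clusteroperators
+- infrastructures
+- proxies
+verbs:
+- "*"
+- apiGroups:
+- coordination.k8s.io
+resourceNames:
+- packageserver-controller-lock
+resources:
+- leases
+verbs:
+- "*"
+- apiGroups:
+- cluster.com
+resources:
+- "*"
+verbs:
+- "*"
+- apiGroups:
+- operators.coreos.com
+resources:
+- "*"
+verbs:
+- "*"
+- apiGroups:
+- monitoring.coreos.com"
+resources:
+- prometheusrules
+- servicemonitors
+verbs:
+- "*"
+- apiGroups:
+- policy
+resources:
+- poddisruptionbudgets
+verbs:
+- "*"
+- apiGroups:
+- scheduling.k8s.io
+resources:
+- priorityclasses
+verbs:
+- "*"
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- clusterrolebindings
+- clusterroles
+- rolebindings
+- roles
+verbs:
+- "*"
 ---
 kind: ServiceAccount
 apiVersion: v1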
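Review bot: The added rule for `prometheusrules` and `servicemonitors` gives its API group as `- monitoring.coreos.com"` with a stray trailing double quote; YAML reads that as a plain scalar that includes the quote character, so the rule matches no real API group and most likely grants nothing for those resources — it should read `- monitoring.coreos.com`. Separately, the retained `nonResourceURLs: ["*"]` rule and the new `rbac.authorization.k8s.io` rule with verb `"*"` on `clusterroles` and `clusterrolebindings` (which covers `bind` and `escalate`) still leave this service account able to bind or escalate to any role, and verb `"*"` on core `secrets` lets it read every Secret in the cluster, so the narrowing is weaker than the commit title suggests. Listing explicit verbs per rule and adding a comment above the RBAC rule such as `# "*" here includes bind and escalate; holder can grant itself any permission` would make the remaining privilege deliberate and auditable. The `cluster.com` group with all resources and all verbs looks like a placeholder or test group and is worth confirming before it ships.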
