charts/pxc-operator/templates/role.yaml - atmosphere - Gitiles

 {{- if .Values.rbac.create }}
 {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
 kind: ClusterRole
 {{- else }}
 kind: Role
 {{- end }}
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "pxc-operator.fullname" . }}
   namespace: {{ .Release.Namespace }}
   labels:
 {{ include "pxc-operator.labels" . | indent 4 }}
 rules:
 - apiGroups:
   - pxc.percona.com
   resources:
   - perconaxtradbclusters
   - perconaxtradbclusters/status
   - perconaxtradbclusterbackups
   - perconaxtradbclusterbackups/status
   - perconaxtradbclusterrestores
   - perconaxtradbclusterrestores/status
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
   - validatingwebhookconfigurations
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 {{- end }}
 - apiGroups:
   - ""
   resources:
   - pods
   - pods/exec
   - pods/log
   - configmaps
   - services
   - persistentvolumeclaims
   - secrets
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - apps
   resources:
   - deployments
   - replicasets
   - statefulsets
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - batch
   resources:
   - jobs
   - cronjobs
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - policy
   resources:
   - poddisruptionbudgets
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
 - apiGroups:
   - ""
   resources:
   - events
   verbs:
   - create
   - patch
 - apiGroups:
   - certmanager.k8s.io
   - cert-manager.io
   resources:
   - issuers
   - certificates
   verbs:
   - get
   - list
   - watch
   - create
   - update
   - patch
   - delete
   - deletecollection
 {{- end }}
	{{- if .Values.rbac.create }}
	{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
	kind: ClusterRole
	{{- else }}
	kind: Role
	{{- end }}
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: {{ include "pxc-operator.fullname" . }}
	namespace: {{ .Release.Namespace }}
	labels:
	{{ include "pxc-operator.labels" . \| indent 4 }}
	rules:
	- apiGroups:
	- pxc.percona.com
	resources:
	- perconaxtradbclusters
	- perconaxtradbclusters/status
	- perconaxtradbclusterbackups
	- perconaxtradbclusterbackups/status
	- perconaxtradbclusterrestores
	- perconaxtradbclusterrestores/status
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
	- apiGroups:
	- admissionregistration.k8s.io
	resources:
	- validatingwebhookconfigurations
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	{{- end }}
	- apiGroups:
	- ""
	resources:
	- pods
	- pods/exec
	- pods/log
	- configmaps
	- services
	- persistentvolumeclaims
	- secrets
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- apps
	resources:
	- deployments
	- replicasets
	- statefulsets
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- batch
	resources:
	- jobs
	- cronjobs
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- policy
	resources:
	- poddisruptionbudgets
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- coordination.k8s.io
	resources:
	- leases
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- apiGroups:
	- ""
	resources:
	- events
	verbs:
	- create
	- patch
	- apiGroups:
	- certmanager.k8s.io
	- cert-manager.io
	resources:
	- issuers
	- certificates
	verbs:
	- get
	- list
	- watch
	- create
	- update
	- patch
	- delete
	- deletecollection
	{{- end }}