roles/magnum/templates/capi-rbac.yml.j2 - atmosphere - Gitiles

 ---
 apiVersion: v1
 kind: Namespace
 metadata:
   name: magnum-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: magnum-cluster-api
   namespace: magnum-system
 rules:
   - apiGroups: [""]
     resources: [namespaces]
     verbs: [patch]
   - apiGroups: [""]
     resources: [configmaps, secrets]
     verbs: [create, update, patch, get, delete]
   - apiGroups: [cluster.x-k8s.io]
     resources: [clusters]
     verbs: [create, update, patch, get, delete]
   - apiGroups: [cluster.x-k8s.io]
     resources: [clusterclasses]
     verbs: [create, update, patch]
   - apiGroups: [cluster.x-k8s.io]
     resources: [machinedeployments]
     verbs: [list]
   - apiGroups: [bootstrap.cluster.x-k8s.io]
     resources: [kubeadmconfigtemplates]
     verbs: [create, update, patch]
   - apiGroups: [controlplane.cluster.x-k8s.io]
     resources: [kubeadmcontrolplanes]
     verbs: [list]
   - apiGroups: [controlplane.cluster.x-k8s.io]
     resources: [kubeadmcontrolplanetemplates]
     verbs: [create, update, patch]
   - apiGroups: [infrastructure.cluster.x-k8s.io]
     resources: [openstackclustertemplates, openstackmachinetemplates]
     verbs: [create, update, patch]
   - apiGroups: [addons.cluster.x-k8s.io]
     resources: [clusterresourcesets]
     verbs: [create, update, patch, delete]
   - apiGroups: [source.toolkit.fluxcd.io]
     resources: [helmrepositories]
     verbs: [create, update, patch]
   - apiGroups: [helm.toolkit.fluxcd.io]
     resources: [helmreleases]
     verbs: [delete]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: magnum-cluster-api
   namespace: magnum-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: magnum-cluster-api
 subjects:
   - kind: ServiceAccount
     name: magnum-conductor
     namespace: openstack
	---
	apiVersion: v1
	kind: Namespace
	metadata:
	name: magnum-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: magnum-cluster-api
	namespace: magnum-system
	rules:
	- apiGroups: [""]
	resources: [namespaces]
	verbs: [patch]
	- apiGroups: [""]
	resources: [configmaps, secrets]
	verbs: [create, update, patch, get, delete]
	- apiGroups: [cluster.x-k8s.io]
	resources: [clusters]
	verbs: [create, update, patch, get, delete]
	- apiGroups: [cluster.x-k8s.io]
	resources: [clusterclasses]
	verbs: [create, update, patch]
	- apiGroups: [cluster.x-k8s.io]
	resources: [machinedeployments]
	verbs: [list]
	- apiGroups: [bootstrap.cluster.x-k8s.io]
	resources: [kubeadmconfigtemplates]
	verbs: [create, update, patch]
	- apiGroups: [controlplane.cluster.x-k8s.io]
	resources: [kubeadmcontrolplanes]
	verbs: [list]
	- apiGroups: [controlplane.cluster.x-k8s.io]
	resources: [kubeadmcontrolplanetemplates]
	verbs: [create, update, patch]
	- apiGroups: [infrastructure.cluster.x-k8s.io]
	resources: [openstackclustertemplates, openstackmachinetemplates]
	verbs: [create, update, patch]
	- apiGroups: [addons.cluster.x-k8s.io]
	resources: [clusterresourcesets]
	verbs: [create, update, patch, delete]
	- apiGroups: [source.toolkit.fluxcd.io]
	resources: [helmrepositories]
	verbs: [create, update, patch]
	- apiGroups: [helm.toolkit.fluxcd.io]
	resources: [helmreleases]
	verbs: [delete]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: magnum-cluster-api
	namespace: magnum-system
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: magnum-cluster-api
	subjects:
	- kind: ServiceAccount
	name: magnum-conductor
	namespace: openstack