diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index abbf3e62..d21646b9 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -123,6 +123,12 @@ rules: - get - list - watch + - apiGroups: + - "policy" + resources: + - poddisruptionbudgets/status + verbs: + - get - apiGroups: - "" resources: diff --git a/helm-chart/flink-operator/templates/rbac.yaml b/helm-chart/flink-operator/templates/rbac.yaml index 1f6ff44b..6e0710e5 100644 --- a/helm-chart/flink-operator/templates/rbac.yaml +++ b/helm-chart/flink-operator/templates/rbac.yaml @@ -52,215 +52,210 @@ metadata: creationTimestamp: null name: flink-operator-manager-role rules: -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments/status - verbs: - - get -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - get -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - batch - resources: - - jobs/status - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events/status - verbs: - - get -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - - pods/log - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get -- apiGroups: - - flinkoperator.k8s.io - resources: - - flinkclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - flinkoperator.k8s.io - resources: - - flinkclusters/status - verbs: - - get - - patch - - update -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - create - - update - - patch -- apiGroups: - - scheduling.volcano.sh - resources: - - podgroups - verbs: - - get - - create - - update + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs/status + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events/status + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "policy" + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "policy" + resources: + - poddisruptionbudgets/status + verbs: + - get + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/status + - pods/log + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - apiGroups: + - flinkoperator.k8s.io + resources: + - flinkclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flinkoperator.k8s.io + resources: + - flinkclusters/status + verbs: + - get + - patch + - update + - apiGroups: + - scheduling.volcano.sh + resources: + - podgroups + verbs: + - get + - create + - update + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole