apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: openshift.io/description: An ICHP dedicated role for developers. openshift.io/reconcile-protect: "true" labels: app.kubernetes.io/instance: rbac app.kubernetes.io/name: ichp-rbac name: ichp-project-editor rules: - apiGroups: - authdelegation.ichp.ing.net resources: - authdelegations verbs: - '*' - apiGroups: - cert-manager.io resources: - certificaterequests - certificaterequests/status - certificates - certificates/status - issuers - issuers/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - acme.cert-manager.io resources: - challenges - challenges/status - orders - orders/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - operators.coreos.com resources: - catalogsources - clusterserviceversions - installplans - subscriptions verbs: - create - delete - get - list - patch - update - watch - apiGroups: - monitoring.coreos.com resources: - alertmanagers verbs: - create - delete - patch - update - get - list - watch - apiGroups: - monitoring.coreos.com resources: - prometheuses verbs: - create - delete - patch - update - get - list - watch - apiGroups: - monitoring.coreos.com resources: - prometheusrules verbs: - create - delete - patch - update - get - list - watch - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - create - delete - patch - update - get - list - watch - apiGroups: - "" resources: - configmaps - endpoints - limitranges - persistentvolumeclaims - pods - replicationcontrollers - replicationcontrollers/scale - secrets - serviceaccounts - services - services/proxy verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" resources: - bindings - events - namespaces/status - pods/log - pods/status - replicationcontrollers/status - resourcequotas - resourcequotas/status verbs: - get - list - watch - apiGroups: - "" resources: - namespaces verbs: - get - list - watch - apiGroups: - "" resources: - serviceaccounts verbs: - impersonate - apiGroups: - apps resources: - daemonsets - deployments - deployments/rollback - deployments/scale - replicasets - replicasets/scale - statefulsets - statefulsets/scale verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - extensions resources: - daemonsets - deployments - deployments/rollback - deployments/scale - ingresses - networkpolicies - replicasets - replicasets/scale - replicationcontrollers/scale verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - authorization.k8s.io resources: - localsubjectaccessreviews verbs: - create - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - bind - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - authorization.openshift.io resources: - rolebindings - roles verbs: - bind - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - authorization.openshift.io resources: - localresourceaccessreviews - localsubjectaccessreviews - subjectrulesreviews verbs: - create - apiGroups: - "" - security.openshift.io resources: - podsecuritypolicyreviews - podsecuritypolicyselfsubjectreviews - podsecuritypolicysubjectreviews verbs: - create - apiGroups: - "" - authorization.openshift.io resources: - rolebindingrestrictions verbs: - get - list - watch - apiGroups: - "" - build.openshift.io resources: - buildconfigs - buildconfigs/webhooks - builds verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - build.openshift.io resources: - builds/log verbs: - get - list - watch - apiGroups: - "" - build.openshift.io resources: - buildconfigs/instantiate - buildconfigs/instantiatebinary - builds/clone verbs: - create - apiGroups: - "" - build.openshift.io resources: - builds/details verbs: - update - apiGroups: - build.openshift.io resources: - jenkins verbs: - admin - edit - view - apiGroups: - "" - apps.openshift.io resources: - deploymentconfigs - deploymentconfigs/scale verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - apps.openshift.io resources: - deploymentconfigrollbacks - deploymentconfigs/instantiate - deploymentconfigs/rollback verbs: - create - apiGroups: - "" - apps.openshift.io resources: - deploymentconfigs/log - deploymentconfigs/status verbs: - get - list - watch - apiGroups: - "" - image.openshift.io resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreams/secrets - imagestreamtags verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - image.openshift.io resources: - imagestreams/status verbs: - get - list - watch - apiGroups: - "" - image.openshift.io resources: - imagestreams/layers verbs: - get - update - apiGroups: - "" - image.openshift.io resources: - imagestreamimports verbs: - create - apiGroups: - "" - project.openshift.io resources: - projects verbs: - delete - get - patch - update - apiGroups: - "" - quota.openshift.io resources: - appliedclusterresourcequotas verbs: - get - list - watch - apiGroups: - "" - route.openshift.io resources: - routes verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - route.openshift.io resources: - routes/custom-host verbs: - create - apiGroups: - "" - route.openshift.io resources: - routes/status verbs: - get - list - watch - apiGroups: - "" - route.openshift.io resources: - routes/status verbs: - update - apiGroups: - "" - template.openshift.io resources: - processedtemplates - templateconfigs - templateinstances - templates verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - extensions - networking.k8s.io resources: - networkpolicies verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" - build.openshift.io resources: - buildlogs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" resources: - resourcequotausages verbs: - get - list - watch - apiGroups: - "" - authorization.openshift.io resources: - resourceaccessreviews - subjectaccessreviews verbs: - create - apiGroups: - metrics.k8s.io resources: - pods verbs: - get - list - apiGroups: - networking.k8s.io resources: - ingresses verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - ichp.ing.net resources: - quotaautoscalers verbs: - create - delete - get - list - patch - update - watch