Skip to content

Commit 26379cb

Browse files
mikhail-klimkomikhail-klimko
committed
wip: Wed Jul 30 12:19:46 +03 2025
1 parent 0a33b9e commit 26379cb

File tree

1 file changed

+121
-1
lines changed

1 file changed

+121
-1
lines changed

charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml

Lines changed: 121 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,126 @@ rules:
7171
- get
7272
- list
7373
- watch
74+
---
75+
{{- if .Values.singleNamespace }}
76+
apiVersion: rbac.authorization.k8s.io/v1
77+
kind: Role
78+
metadata:
79+
name: argo-role
80+
rules:
81+
- apiGroups:
82+
- coordination.k8s.io
83+
resources:
84+
- leases
85+
verbs:
86+
- create
87+
- get
88+
- update
89+
- apiGroups:
90+
- ""
91+
resources:
92+
- pods
93+
- pods/exec
94+
verbs:
95+
- create
96+
- get
97+
- list
98+
- watch
99+
- update
100+
- patch
101+
- delete
102+
- apiGroups:
103+
- ""
104+
resources:
105+
- configmaps
106+
verbs:
107+
- get
108+
- watch
109+
- list
110+
- apiGroups:
111+
- ""
112+
resources:
113+
- persistentvolumeclaims
114+
- persistentvolumeclaims/finalizers
115+
verbs:
116+
- create
117+
- update
118+
- delete
119+
- get
120+
- apiGroups:
121+
- argoproj.io
122+
resources:
123+
- workflows
124+
- workflows/finalizers
125+
- workflowtasksets
126+
- workflowtasksets/finalizers
127+
- workflowartifactgctasks
128+
verbs:
129+
- get
130+
- list
131+
- watch
132+
- update
133+
- patch
134+
- delete
135+
- create
136+
- apiGroups:
137+
- argoproj.io
138+
resources:
139+
- workflowtemplates
140+
- workflowtemplates/finalizers
141+
verbs:
142+
- get
143+
- list
144+
- watch
145+
- apiGroups:
146+
- argoproj.io
147+
resources:
148+
- workflowtaskresults
149+
verbs:
150+
- list
151+
- watch
152+
- deletecollection
153+
- apiGroups:
154+
- ""
155+
resources:
156+
- serviceaccounts
157+
verbs:
158+
- get
159+
- list
160+
- apiGroups:
161+
- ""
162+
resources:
163+
- secrets
164+
verbs:
165+
- get
166+
- apiGroups:
167+
- argoproj.io
168+
resources:
169+
- cronworkflows
170+
- cronworkflows/finalizers
171+
verbs:
172+
- get
173+
- list
174+
- watch
175+
- update
176+
- patch
177+
- delete
178+
- apiGroups:
179+
- ""
180+
resources:
181+
- events
182+
verbs:
183+
- create
184+
- patch
185+
- apiGroups:
186+
- policy
187+
resources:
188+
- poddisruptionbudgets
189+
verbs:
190+
- create
191+
- get
192+
- delete
193+
{{- end }}
74194

75195
---
76196
apiVersion: rbac.authorization.k8s.io/v1
@@ -97,7 +217,7 @@ metadata:
97217
roleRef:
98218
apiGroup: rbac.authorization.k8s.io
99219
kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }}
100-
name: {{ .Values.singleNamespace | ternary "argo-workflow-controller" "argo-edit" }}
220+
name: {{ .Values.singleNamespace | ternary "argo-role" "argo-edit" }}
101221
subjects:
102222
- kind: ServiceAccount
103223
name: {{ include "gitops-operator.serviceAccountName" . }}

0 commit comments

Comments
 (0)