Skip to content

Commit 756f6c9

Browse files
adam-sandoradam-sandor
committed
set minimal required permissions for operator service account
1 parent 2c86b3a commit 756f6c9

File tree

1 file changed

+20
-1
lines changed

1 file changed

+20
-1
lines changed

samples/mysql-schema/k8s/deployment.yaml

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,25 @@ spec:
4545
initialDelaySeconds: 30
4646
timeoutSeconds: 1
4747
---
48+
apiVersion: rbac.authorization.k8s.io/v1beta1
49+
kind: ClusterRole
50+
metadata:
51+
name: mysql-schema-operator
52+
rules:
53+
- apiGroups:
54+
- mysql.sample.javaoperatorsdk
55+
resources:
56+
- schemas
57+
verbs:
58+
- "*"
59+
- apiGroups:
60+
- apiextensions.k8s.io
61+
resources:
62+
- customresourcedefinitions
63+
verbs:
64+
- "get"
65+
- "list"
66+
---
4867
apiVersion: v1
4968
kind: ServiceAccount
5069
metadata:
@@ -61,5 +80,5 @@ subjects:
6180
namespace: mysql-schema-operator
6281
roleRef:
6382
kind: ClusterRole
64-
name: cluster-admin
83+
name: mysql-schema-operator
6584
apiGroup: ""

0 commit comments

Comments
 (0)