Skip to content

Commit 9487609

Browse files
rjeberhardrjeberhard
committed
Cluster roles for operator and domain admins
1 parent ba4d218 commit 9487609

File tree

3 files changed

+60
-0
lines changed

3 files changed

+60
-0
lines changed

kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
# Copyright 2018 Oracle Corporation and/or its affiliates. All rights reserved.
2+
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
3+
4+
{{- define "operator.operatorClusterRoleDomainAdmin" }}
5+
---
6+
kind: "ClusterRole"
7+
apiVersion: "rbac.authorization.k8s.io/v1"
8+
metadata:
9+
name: {{ list .Release.Namespace "weblogic-operator-clusterrole-domain-admin" | join "-" | quote }}
10+
labels:
11+
weblogic.resourceVersion: "operator-v2"
12+
weblogic.operatorName: {{ .Release.Namespace | quote }}
13+
rules:
14+
- apiGroups: [""]
15+
resources: ["configmaps", "deployments"]
16+
verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
17+
- apiGroups: [""]
18+
resources: ["secrets", "pods", "events"]
19+
verbs: ["get", "list", "watch"]
20+
- apiGroups: [""]
21+
resources: ["pods/log"]
22+
verbs: ["get", "list"]
23+
- apiGroups: [""]
24+
resources: ["pods/exec"]
25+
verbs: ["create"]
26+
- apiGroups: ["weblogic.oracle"]
27+
resources: ["domains"]
28+
verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
29+
- apiGroups: ["weblogic.oracle"]
30+
resources: ["domains/status"]
31+
verbs: ["get", "watch"]
32+
{{- end }}

kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
# Copyright 2018 Oracle Corporation and/or its affiliates. All rights reserved.
2+
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
3+
4+
{{- define "operator.operatorClusterRoleOperatorAdmin" }}
5+
---
6+
kind: "ClusterRole"
7+
apiVersion: "rbac.authorization.k8s.io/v1"
8+
metadata:
9+
name: {{ list .Release.Namespace "weblogic-operator-clusterrole-operator-admin" | join "-" | quote }}
10+
labels:
11+
weblogic.resourceVersion: "operator-v2"
12+
weblogic.operatorName: {{ .Release.Namespace | quote }}
13+
rules:
14+
- apiGroups: [""]
15+
resources: ["configmaps", "secrets"]
16+
verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
17+
- apiGroups: [""]
18+
resources: ["pods", "events"]
19+
verbs: ["get", "list", "watch"]
20+
- apiGroups: [""]
21+
resources: ["pods/log"]
22+
verbs: ["get", "list"]
23+
- apiGroups: [""]
24+
resources: ["pods/exec"]
25+
verbs: ["create"]
26+
{{- end }}

kubernetes/charts/weblogic-operator/templates/_operator.tpl

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@
55
{{- include "operator.operatorClusterRoleGeneral" . }}
66
{{- include "operator.operatorClusterRoleNamespace" . }}
77
{{- include "operator.operatorClusterRoleNonResource" . }}
8+
{{- include "operator.operatorClusterRoleOperatorAdmin" . }}
9+
{{- include "operator.operatorClusterRoleDomainAdmin" . }}
810
{{- include "operator.clusterRoleBindingGeneral" . }}
911
{{- include "operator.clusterRoleBindingAuthDelegator" . }}
1012
{{- include "operator.clusterRoleBindingDiscovery" . }}

0 commit comments

Comments
 (0)