diff --git a/content/embeds/admission-service.md b/content/embeds/admission-service.md new file mode 100644 index 0000000000..43d8f91fe9 --- /dev/null +++ b/content/embeds/admission-service.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: v1 +kind: Service +metadata: + name: admission + labels: + app: redis-enterprise +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8443 + selector: + name: redis-enterprise-operator +``` diff --git a/content/embeds/admission_webhook.md b/content/embeds/admission_webhook.md new file mode 100644 index 0000000000..17d570dd07 --- /dev/null +++ b/content/embeds/admission_webhook.md @@ -0,0 +1,34 @@ +```yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-admission +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: admission + path: /admission + namespace: OPERATOR_NAMESPACE + caBundle: "" # Fill in with BASE64 encoded signed cert + failurePolicy: Fail + matchPolicy: Exact + name: redisenterprise.admission.redislabs + rules: + - apiGroups: + - app.redislabs.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + - redisenterpriseactiveactivedatabases + - redisenterpriseremoteclusters + sideEffects: None + timeoutSeconds: 30 +``` diff --git a/content/embeds/log_collector_role_all_mode.md b/content/embeds/log_collector_role_all_mode.md new file mode 100644 index 0000000000..6f56c7a6d1 --- /dev/null +++ b/content/embeds/log_collector_role_all_mode.md @@ -0,0 +1,187 @@ +```yaml +# The minimal Role and ClusterRole required for running the log collector in 'all' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - resourcequotas + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +- apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + - installplans + - catalogsources + verbs: + - get + - list +- apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - nodes + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - redisenterpriseclusters.app.redislabs.com + - redisenterprisedatabases.app.redislabs.com + - redisenterpriseremoteclusters.app.redislabs.com + - redisenterpriseactiveactivedatabases.app.redislabs.com + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + - storageclasses + verbs: + - get + - list +- apiGroups: + - policy + resources: + - podsecuritypolicy + verbs: + - get + - list +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list +``` diff --git a/content/embeds/log_collector_role_restricted_mode.md b/content/embeds/log_collector_role_restricted_mode.md new file mode 100644 index 0000000000..2a7d9d2ce9 --- /dev/null +++ b/content/embeds/log_collector_role_restricted_mode.md @@ -0,0 +1,146 @@ +```yaml +# The minimal Role and ClusterRole required for running the log collector in 'restricted' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - resourcequotas + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - redisenterpriseclusters.app.redislabs.com + - redisenterprisedatabases.app.redislabs.com + - redisenterpriseremoteclusters.app.redislabs.com + - redisenterpriseactiveactivedatabases.app.redislabs.com + verbs: + - list + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - list + - get +``` diff --git a/content/embeds/multi-ns_operator_cluster_role.md b/content/embeds/multi-ns_operator_cluster_role.md new file mode 100644 index 0000000000..b7cc45f9a9 --- /dev/null +++ b/content/embeds/multi-ns_operator_cluster_role.md @@ -0,0 +1,12 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-operator-consumer-ns + labels: + app: redis-enterprise +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["list", "watch"] +``` diff --git a/content/embeds/multi-ns_operator_cluster_role_binding.md b/content/embeds/multi-ns_operator_cluster_role_binding.md new file mode 100644 index 0000000000..b5103f518a --- /dev/null +++ b/content/embeds/multi-ns_operator_cluster_role_binding.md @@ -0,0 +1,16 @@ +```yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-operator-consumer-ns + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: ClusterRole + name: redis-enterprise-operator-consumer-ns + apiGroup: rbac.authorization.k8s.io +``` diff --git a/content/embeds/multi-ns_role.md b/content/embeds/multi-ns_role.md new file mode 100644 index 0000000000..60ae8ca5a2 --- /dev/null +++ b/content/embeds/multi-ns_role.md @@ -0,0 +1,25 @@ +```yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role + labels: + app: redis-enterprise +rules: + - apiGroups: + - app.redislabs.com + resources: ["redisenterprisedatabases", "redisenterprisedatabases/status", "redisenterprisedatabases/finalizers"] + verbs: ["delete", "get", "list", "patch", "create", "update", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["update", "get", "watch", "create", "patch", "list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "update", "patch", "create", "delete", "watch"] +``` diff --git a/content/embeds/multi-ns_role_binding.md b/content/embeds/multi-ns_role_binding.md new file mode 100644 index 0000000000..9de0938a4b --- /dev/null +++ b/content/embeds/multi-ns_role_binding.md @@ -0,0 +1,19 @@ +```yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: Role + name: redb-role + apiGroup: rbac.authorization.k8s.io +``` diff --git a/content/embeds/openshift_admission-service.md b/content/embeds/openshift_admission-service.md new file mode 100644 index 0000000000..43d8f91fe9 --- /dev/null +++ b/content/embeds/openshift_admission-service.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: v1 +kind: Service +metadata: + name: admission + labels: + app: redis-enterprise +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8443 + selector: + name: redis-enterprise-operator +``` diff --git a/content/embeds/openshift_rec.md b/content/embeds/openshift_rec.md new file mode 100644 index 0000000000..25b32e22b6 --- /dev/null +++ b/content/embeds/openshift_rec.md @@ -0,0 +1,18 @@ +```yaml +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec + labels: + app: redis-enterprise +spec: + # Add fields here + nodes: 3 + redisEnterpriseImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise + versionTag: 7.8.2-34.rhel8-openshift + redisEnterpriseServicesRiggerImageSpec: + repository: registry.connect.redhat.com/redislabs/services-manager + bootstrapperImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator +``` diff --git a/content/embeds/openshift_role.md b/content/embeds/openshift_role.md new file mode 100644 index 0000000000..e228260e83 --- /dev/null +++ b/content/embeds/openshift_role.md @@ -0,0 +1,195 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +rules: + - apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - serviceaccounts + - rolebindings + verbs: + - create + - get + - update + - patch + - delete + - apiGroups: + - app.redislabs.com + resources: + - redisenterpriseclusters + - redisenterpriseclusters/status + - redisenterpriseclusters/finalizers + - redisenterprisedatabases + - redisenterprisedatabases/status + - redisenterprisedatabases/finalizers + - redisenterpriseremoteclusters + - redisenterpriseremoteclusters/status + - redisenterpriseremoteclusters/finalizers + - redisenterpriseactiveactivedatabases + - redisenterpriseactiveactivedatabases/status + - redisenterpriseactiveactivedatabases/finalizers + verbs: + - delete + - get + - list + - patch + - create + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - update + - get + - create + - patch + - delete + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - create + - delete + - get + - patch + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - patch + - delete + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - policy + resourceNames: + - redis-enterprise-psp + resources: + - podsecuritypolicies + verbs: + - use + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - patch + - delete + - list + - update + - get + - watch + - apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use +``` diff --git a/content/embeds/openshift_role_binding.md b/content/embeds/openshift_role_binding.md new file mode 100644 index 0000000000..8c72199c24 --- /dev/null +++ b/content/embeds/openshift_role_binding.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redis-enterprise-operator +subjects: + - kind: ServiceAccount + name: redis-enterprise-operator +``` diff --git a/content/embeds/openshift_scc.md b/content/embeds/openshift_scc.md new file mode 100644 index 0000000000..39b3cba9c7 --- /dev/null +++ b/content/embeds/openshift_scc.md @@ -0,0 +1,32 @@ +```yaml +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: redis-enterprise-scc-v2 + annotations: + kubernetes.io/description: redis-enterprise-scc-v2 is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes. It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability, which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards. Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers. +allowedCapabilities: + - SYS_RESOURCE +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +readOnlyRootFilesystem: false +runAsUser: + type: MustRunAs + uid: 1001 +fsGroup: + type: MustRunAs + ranges: + - min: 1001 + max: 1001 +seLinuxContext: + type: MustRunAs +seccompProfiles: + - runtime/default +supplementalGroups: + type: RunAsAny +``` diff --git a/content/embeds/openshift_service_account.md b/content/embeds/openshift_service_account.md new file mode 100644 index 0000000000..cdf09aed04 --- /dev/null +++ b/content/embeds/openshift_service_account.md @@ -0,0 +1,8 @@ +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +``` diff --git a/content/embeds/rack_aware_cluster_role.md b/content/embeds/rack_aware_cluster_role.md new file mode 100644 index 0000000000..a888f7ef77 --- /dev/null +++ b/content/embeds/rack_aware_cluster_role.md @@ -0,0 +1,11 @@ +```yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-operator +rules: + # needed for rack awareness + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "get", "watch"] +``` diff --git a/content/embeds/rack_aware_cluster_role_binding.md b/content/embeds/rack_aware_cluster_role_binding.md new file mode 100644 index 0000000000..c8f0a92069 --- /dev/null +++ b/content/embeds/rack_aware_cluster_role_binding.md @@ -0,0 +1,16 @@ +```yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-operator + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + namespace: NAMESPACE_OF_SERVICE_ACCOUNT + name: redis-enterprise-operator +roleRef: + kind: ClusterRole + name: redis-enterprise-operator + apiGroup: rbac.authorization.k8s.io +``` diff --git a/content/embeds/rack_aware_rec.md b/content/embeds/rack_aware_rec.md new file mode 100644 index 0000000000..b66bdaeaf1 --- /dev/null +++ b/content/embeds/rack_aware_rec.md @@ -0,0 +1,11 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseCluster +metadata: + name: rack-aware-cluster + labels: + app: redis-enterprise +spec: + nodes: 3 + rackAwarenessNodeLabel: topology.kubernetes.io/zone +``` diff --git a/content/embeds/reaadb.md b/content/embeds/reaadb.md new file mode 100644 index 0000000000..744c6f65e2 --- /dev/null +++ b/content/embeds/reaadb.md @@ -0,0 +1,14 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseActiveActiveDatabase +metadata: + name: reaadb-1 + labels: + app: redis-enterprise +spec: + participatingClusters: + # Participating cluster pointing to RERC named: 'new-york-1'. + - name: new-york-1 + # Participating cluster pointing to RERC named: 'boston-1'. + - name: boston-1 +``` diff --git a/content/embeds/rec.md b/content/embeds/rec.md new file mode 100644 index 0000000000..0092204c5c --- /dev/null +++ b/content/embeds/rec.md @@ -0,0 +1,11 @@ +```yaml +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec + labels: + app: redis-enterprise +spec: + # Add fields here + nodes: 3 +``` diff --git a/content/embeds/redb.md b/content/embeds/redb.md new file mode 100644 index 0000000000..5470c080c6 --- /dev/null +++ b/content/embeds/redb.md @@ -0,0 +1,8 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseDatabase +metadata: + name: redis-enterprise-database + labels: + app: redis-enterprise +``` diff --git a/content/embeds/rerc.md b/content/embeds/rerc.md new file mode 100644 index 0000000000..48e80bee38 --- /dev/null +++ b/content/embeds/rerc.md @@ -0,0 +1,22 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseRemoteCluster +metadata: + # Your name of the RERC. + name: new-york-1 + labels: + app: redis-enterprise +spec: + # The name of the REC that the RERC is pointing at + recName: rec + # The Namespace of the REC that the RERC is pointing at + recNamespace: ns1 + # The URL of the cluster, will be used for the active-active database URL + apiFqdnUrl: testapi-new-york-1-ns1.redislabs.com + # The database URL suffix, will be used for the active-active + # database replication endpoint and replication endpoint SNI + dbFqdnSuffix: -example-new-york-1-ns1.redislabs.com + # The name of the secret containing cluster credentials. + # Need to follow format: "redis-enterprise-"' + secretName: redis-enterprise-new-york-1 +``` diff --git a/content/embeds/role.md b/content/embeds/role.md new file mode 100644 index 0000000000..661fad55be --- /dev/null +++ b/content/embeds/role.md @@ -0,0 +1,174 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +rules: + - apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - serviceaccounts + - rolebindings + verbs: + - create + - get + - update + - patch + - delete + - apiGroups: + - app.redislabs.com + resources: + - redisenterpriseclusters + - redisenterpriseclusters/status + - redisenterpriseclusters/finalizers + - redisenterprisedatabases + - redisenterprisedatabases/status + - redisenterprisedatabases/finalizers + - redisenterpriseremoteclusters + - redisenterpriseremoteclusters/status + - redisenterpriseremoteclusters/finalizers + - redisenterpriseactiveactivedatabases + - redisenterpriseactiveactivedatabases/status + - redisenterpriseactiveactivedatabases/finalizers + verbs: + - delete + - get + - list + - patch + - create + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - update + - get + - create + - patch + - delete + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - create + - delete + - get + - patch + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - patch + - delete + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - policy + resourceNames: + - redis-enterprise-psp + resources: + - podsecuritypolicies + verbs: + - use + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - patch + - delete + - list + - update + - get + - watch + - apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list + - update + - patch + - create + - delete + - watch +``` diff --git a/content/embeds/role_binding.md b/content/embeds/role_binding.md new file mode 100644 index 0000000000..8c72199c24 --- /dev/null +++ b/content/embeds/role_binding.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redis-enterprise-operator +subjects: + - kind: ServiceAccount + name: redis-enterprise-operator +``` diff --git a/content/embeds/service_account.md b/content/embeds/service_account.md new file mode 100644 index 0000000000..cdf09aed04 --- /dev/null +++ b/content/embeds/service_account.md @@ -0,0 +1,8 @@ +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +```