mirror of
https://github.com/morten-olsen/homelab-operator.git
synced 2026-02-08 01:36:28 +01:00
22 lines
1.1 KiB
YAML
22 lines
1.1 KiB
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: '{{ .Release.Name }}-workspace-creator'
|
|
rules:
|
|
- apiGroups: [''] # "" indicates the core API group (for Pods, PVCs, Services)
|
|
resources: ['pods', 'pods/exec', 'pods/log', 'persistentvolumeclaims', 'services']
|
|
verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
|
|
- apiGroups: ['apps'] # For Deployments, StatefulSets
|
|
resources: ['deployments', 'statefulsets']
|
|
verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
|
|
- apiGroups: ['networking.k8s.io'] # For Ingresses
|
|
resources: ['ingresses']
|
|
verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
|
|
- apiGroups: ['events.k8s.io'] # For events related to workspace activity
|
|
resources: ['events']
|
|
verbs: ['create', 'patch', 'update'] # Coder might create events for workspace lifecycle
|
|
# Add any other resources that Coder workspace templates might create (e.g., secrets, configmaps)
|
|
# - apiGroups: [""]
|
|
# resources: ["secrets", "configmaps"]
|
|
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|