sdb-rbac.yaml
Copy the following to create a ServiceAccount definition file that will be used by the Operator.
apiVersion: v1 kind: ServiceAccount metadata: name: sdb-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: sdb-operator rules: - apiGroups: - "" resources: - pods - services - endpoints - persistentvolumeclaims - events - configmaps - secrets verbs: - '*' - apiGroups: - policy resources: - poddisruptionbudgets verbs: - '*' - apiGroups: - batch resources: - cronjobs verbs: - '*' - apiGroups: - "" resources: - namespaces verbs: - get - apiGroups: - apps - extensions resources: - deployments - daemonsets - replicasets - statefulsets - statefulsets/status verbs: - '*' - apiGroups: - memsql.com resources: - '*' verbs: - '*' - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - '*' - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: sdb-operator subjects: - kind: ServiceAccount name: sdb-operator roleRef: kind: Role name: sdb-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: sdb-operator rules: - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: sdb-operator subjects: - kind: ServiceAccount name: sdb-operator namespace: default roleRef: kind: ClusterRole name: sdb-operator apiGroup: rbac.authorization.k8s.io