sdb-rbac. yaml
Warning
SingleStore 9.0 gives you the opportunity to preview, evaluate, and provide feedback on new and upcoming features prior to their general availability. In the interim, SingleStore 8.9 is recommended for production workloads, which can later be upgraded to SingleStore 9.0.
This is the RoleBasedAccessControl manifest that generates a ServiceAccount, Role, and RoleBinding object for use with the Operator.
Copy the following to create a ServiceAccount definition file that will be used by the Operator.
apiVersion: v1kind: ServiceAccountmetadata:name: sdb-operator---apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:name: sdb-operatorrules:- apiGroups:- ""resources:- pods- services- endpoints- persistentvolumeclaims- events- configmaps- secretsverbs:- '*'- apiGroups:- policyresources:- poddisruptionbudgetsverbs:- '*'- apiGroups:- batchresources:- cronjobsverbs:- '*'- apiGroups:- ""resources:- namespacesverbs:- get- apiGroups:- apps- extensionsresources:- deployments- daemonsets- replicasets- statefulsets- statefulsets/statusverbs:- '*'- apiGroups:- memsql.comresources:- '*'verbs:- '*'- apiGroups:- networking.k8s.ioresources:- networkpoliciesverbs:- '*'- apiGroups:- ""resources:- serviceaccountsverbs:- get- watch- list---kind: RoleBindingapiVersion: rbac.authorization.k8s.io/v1metadata:name: sdb-operatorsubjects:- kind: ServiceAccountname: sdb-operatorroleRef:kind: Rolename: sdb-operatorapiGroup: rbac.authorization.k8s.io---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: sdb-operatorrules:- apiGroups:- storage.k8s.ioresources:- storageclassesverbs:- get- list- watch- apiGroups:- ""resources:- persistentvolumes- nodesverbs:- get- list- watch---kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1metadata:name: sdb-operatorsubjects:- kind: ServiceAccountname: sdb-operatornamespace: <This namespace should be the same as the namespace in which the cluster is going to be deployed or is already deployed>roleRef:kind: ClusterRolename: sdb-operatorapiGroup: rbac.authorization.k8s.io---apiVersion: v1kind: ServiceAccountmetadata:name: backup---apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:name: backuprules:- apiGroups: ["batch"]resources: ["jobs"]verbs: ["get", "list"]- apiGroups:- ""resources:- podsverbs:- get- list- apiGroups:- memsql.comresources:- memsqlclustersverbs:- get---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:name: backupsubjects:- kind: ServiceAccountname: backuproleRef:kind: Rolename: backupapiGroup: rbac.authorization.k8s.io
Last modified: January 9, 2025