--- apiVersion: rbac.authorization.k8s.io/v1 kind: {{ include "install.roleKind" . }} metadata: name: {{ include "install.roleName" . }} labels: {{- include "install.labels" . | nindent 4 }} {{- include "install.clusterLabels" . | nindent 4 }} rules: - apiGroups: - '' resources: - configmaps - persistentvolumeclaims - secrets - services verbs: - create - delete - get - list - patch - watch - apiGroups: - '' resources: - endpoints verbs: - create - delete - deletecollection - get - list - patch - watch - apiGroups: - '' resources: - endpoints/restricted - pods/exec verbs: - create - apiGroups: - '' resources: - events verbs: - create - patch - apiGroups: - '' resources: - pods verbs: - delete - get - list - patch - watch - apiGroups: - '' resources: - serviceaccounts verbs: - create - get - list - patch - watch - apiGroups: - apps resources: - deployments - statefulsets verbs: - create - delete - get - list - patch - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - create - delete - get - list - patch - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - create - delete - get - list - patch - watch - apiGroups: - postgres-operator.crunchydata.com resources: - postgresclusters verbs: - get - list - patch - watch - apiGroups: - postgres-operator.crunchydata.com resources: - postgresclusters/finalizers verbs: - update - apiGroups: - postgres-operator.crunchydata.com resources: - postgresclusters/status verbs: - patch - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - create - get - list - patch - watch