Kubernetes Roles
This page shows Kubernetes Roles used by Carthago Operator for Jenkins.
When deploying Operator manually with Custom Resource manifests instead of installing with Helm, this role needs to be applied in order for Operator to start. It contains all the required permissions for the Operator to operate properly.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operator-role
rules:
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- apps
- jenkins-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- build.openshift.io
resources:
- builds
verbs:
- get
- list
- watch
- apiGroups:
- carthago.cloud
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- secrets
- services
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- create
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- get
- list
- update
- watch
Shown here for reference only - this role is created automatically by the Operator.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
carthago.cloud/jenkins: jenkins
name: jenkins
rules:
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- get
- list
- watch
- apiGroups:
- build.openshift.io
resources:
- buildconfigs
verbs:
- get
- list
- watch
- apiGroups:
- build.openshift.io
resources:
- builds
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch