mirror of
https://github.com/cloudnative-pg/plugin-barman-cloud.git
synced 2026-01-11 21:23:12 +01:00
27d073a55f
BREAKING CHANGE: All RBAC resource names have been renamed with consistent prefixes to prevent naming conflicts with other cluster components. Users must migrate their existing installations by deleting old resources and applying the new manifest. See the migration guide for detailed instructions: https://cloudnative-pg.io/plugin-barman-cloud/resource-name-migration/ Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
249 lines
4.6 KiB
YAML
249 lines
4.6 KiB
YAML
# This manifest contains the RBAC resources for the plugin-barman-cloud migration.
|
|
#
|
|
# IMPORTANT: This manifest should be applied with the namespace flag:
|
|
# kubectl apply -f migration-rbac.yaml -n cnpg-system
|
|
#
|
|
# If you are using a different namespace, replace 'cnpg-system' with your namespace.
|
|
# The namespace-scoped resources (ServiceAccount, Role, RoleBinding) will be created
|
|
# in the namespace you specify, while cluster-scoped resources (ClusterRole, ClusterRoleBinding)
|
|
# will be created globally but will reference the ServiceAccount in your specified namespace.
|
|
#
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kustomize
|
|
app.kubernetes.io/name: plugin-barman-cloud
|
|
name: plugin-barman-cloud
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kustomize
|
|
app.kubernetes.io/name: plugin-barman-cloud
|
|
name: barman-plugin-leader-election-role
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: barman-plugin-metrics-auth-role
|
|
rules:
|
|
- apiGroups:
|
|
- authentication.k8s.io
|
|
resources:
|
|
- tokenreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- authorization.k8s.io
|
|
resources:
|
|
- subjectaccessreviews
|
|
verbs:
|
|
- create
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: barman-plugin-metrics-reader
|
|
rules:
|
|
- nonResourceURLs:
|
|
- /metrics
|
|
verbs:
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kustomize
|
|
app.kubernetes.io/name: plugin-barman-cloud
|
|
name: barman-plugin-objectstore-editor-role
|
|
rules:
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores/status
|
|
verbs:
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kustomize
|
|
app.kubernetes.io/name: plugin-barman-cloud
|
|
name: barman-plugin-objectstore-viewer-role
|
|
rules:
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores/status
|
|
verbs:
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: plugin-barman-cloud
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- barmancloud.cnpg.io
|
|
resources:
|
|
- objectstores/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- postgresql.cnpg.io
|
|
resources:
|
|
- backups
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- postgresql.cnpg.io
|
|
resources:
|
|
- clusters/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- rolebindings
|
|
- roles
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kustomize
|
|
app.kubernetes.io/name: plugin-barman-cloud
|
|
name: barman-plugin-leader-election-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: barman-plugin-leader-election-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: plugin-barman-cloud
|
|
namespace: cnpg-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: barman-plugin-metrics-auth-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: barman-plugin-metrics-auth-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: plugin-barman-cloud
|
|
namespace: cnpg-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/managed-by: kustomize
|
|
app.kubernetes.io/name: plugin-barman-cloud
|
|
name: plugin-barman-cloud-binding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: plugin-barman-cloud
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: plugin-barman-cloud
|
|
namespace: cnpg-system
|