diff --git a/.changes/unreleased/operator-Changed-20250721-184422.yaml b/.changes/unreleased/operator-Changed-20250721-184422.yaml new file mode 100644 index 000000000..555d7204d --- /dev/null +++ b/.changes/unreleased/operator-Changed-20250721-184422.yaml @@ -0,0 +1,4 @@ +project: operator +kind: Changed +body: Redpanda operator, by default will now reconcile Redpanda custom resource accross namespaces. If user would like to scope reconciler to particular namespace please set `--namespace` flag into operator deployment. +time: 2025-07-21T18:44:22.117328+02:00 diff --git a/acceptance/features/metrics.feature b/acceptance/features/metrics.feature index 68d624bcf..6c27198bc 100644 --- a/acceptance/features/metrics.feature +++ b/acceptance/features/metrics.feature @@ -20,7 +20,7 @@ Feature: Metrics endpoint has authentication and authorization metadata: name: testing """ - And "testing" service account has bounded "redpanda-operator-metrics-reader" cluster role + And "testing" service account has bounded "redpanda-operator-.*-metrics-reader" regexp cluster role name Then its metrics endpoint should accept https request with "testing" service account token diff --git a/acceptance/features/operator-upgrades.feature b/acceptance/features/operator-upgrades.feature index ddc78944d..028569608 100644 --- a/acceptance/features/operator-upgrades.feature +++ b/acceptance/features/operator-upgrades.feature @@ -1,8 +1,9 @@ -@operator:none +@operator:none @vcluster Feature: Upgrading the operator @skip:gke @skip:aks @skip:eks Scenario: Operator upgrade from 2.4.5 - Given I install redpanda helm chart version "v2.4.5" with the values: + Given I install local CRDs from "../operator/config/crd/bases" + And I install redpanda helm chart version "v2.4.5" with the values: """ """ @@ -26,6 +27,41 @@ Feature: Upgrading the operator image: tag: dev repository: localhost/redpanda-operator + crds: + enabled: true + """ + # use the new status as this will eventually get set + And cluster "operator-upgrade" should be stable with 1 nodes + + @skip:gke @skip:aks @skip:eks + Scenario: Operator upgrade from 25.1.3 + And I install redpanda helm chart version "v25.1.3" with the values: + """ + crds: + enabled: true + """ + And I apply Kubernetes manifest: + """ + --- + apiVersion: cluster.redpanda.com/v1alpha2 + kind: Redpanda + metadata: + name: operator-upgrade + spec: + clusterSpec: + statefulset: + replicas: 1 + """ + # use just a Ready status check here since that's all the + # old operator supports + And cluster "operator-upgrade" is available + Then I can upgrade to the latest operator with the values: + """ + image: + tag: dev + repository: localhost/redpanda-operator + crds: + enabled: true """ # use the new status as this will eventually get set And cluster "operator-upgrade" should be stable with 1 nodes diff --git a/acceptance/go.sum b/acceptance/go.sum index 894807e8a..8ad741f46 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -1145,6 +1145,8 @@ k8s.io/client-go v0.33.2 h1:z8CIcc0P581x/J1ZYf4CNzRKxRvQAwoAolYPbtQes+E= k8s.io/client-go v0.33.2/go.mod h1:9mCgT4wROvL948w6f6ArJNb7yQd7QsvqavDeZHvNmHo= k8s.io/component-base v0.33.2 h1:sCCsn9s/dG3ZrQTX/Us0/Sx2R0G5kwa0wbZFYoVp/+0= k8s.io/component-base v0.33.2/go.mod h1:/41uw9wKzuelhN+u+/C59ixxf4tYQKW7p32ddkYNe2k= +k8s.io/component-helpers v0.33.2 h1:AjCtYzst11NV8ensxV/2LEEXRwctqS7Bs44bje9Qcnw= +k8s.io/component-helpers v0.33.2/go.mod h1:PsPpiCk74n8pGWp1d6kjK/iSKBTyQfIacv02BNkMenU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= @@ -1157,6 +1159,8 @@ oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= diff --git a/acceptance/main_test.go b/acceptance/main_test.go index 0f97bfe69..dae442bd0 100644 --- a/acceptance/main_test.go +++ b/acceptance/main_test.go @@ -18,12 +18,14 @@ import ( "testing" "github.com/stretchr/testify/require" + "k8s.io/utils/ptr" _ "github.com/redpanda-data/redpanda-operator/acceptance/steps" framework "github.com/redpanda-data/redpanda-operator/harpoon" "github.com/redpanda-data/redpanda-operator/harpoon/providers" redpandav1alpha1 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha1" redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" + operatorchart "github.com/redpanda-data/redpanda-operator/operator/chart" "github.com/redpanda-data/redpanda-operator/pkg/helm" "github.com/redpanda-data/redpanda-operator/pkg/otelutil" "github.com/redpanda-data/redpanda-operator/pkg/testutil" @@ -67,7 +69,6 @@ var setupSuite = sync.OnceValues(func() (*framework.Suite, error) { "installCRDs": true, }, }). - WithCRDDirectory("../operator/config/crd/bases"). OnFeature(func(ctx context.Context, t framework.TestingT, tags ...framework.ParsedTag) { // this actually switches namespaces, run it first namespace := t.IsolateNamespace(ctx) @@ -79,15 +80,18 @@ var setupSuite = sync.OnceValues(func() (*framework.Suite, error) { t.InstallLocalHelmChart(ctx, "../operator/chart", helm.InstallOptions{ Name: "redpanda-operator", Namespace: namespace, - Values: map[string]any{ - "logLevel": "trace", - "image": map[string]any{ - "tag": imageTag, - "repository": imageRepo, + Values: operatorchart.PartialValues{ + LogLevel: ptr.To("trace"), + Image: &operatorchart.PartialImage{ + Tag: ptr.To(imageTag), + Repository: ptr.To(imageRepo), }, - "additionalCmdFlags": []string{ + CRDs: &operatorchart.PartialCRDs{ + Enabled: ptr.To(true), + }, + AdditionalCmdFlags: []string{ // These are needed for running decommissioning tests. - "--additional-controllers=all", + "--additional-controllers=nodeWatcher,decommission", "--unbind-pvcs-after=5s", // This is set to a lower timeout due to the way that our internal // admin client handles retries to brokers that are gone but still diff --git a/acceptance/steps/helpers.go b/acceptance/steps/helpers.go index 311931e66..1a365eed1 100644 --- a/acceptance/steps/helpers.go +++ b/acceptance/steps/helpers.go @@ -481,10 +481,12 @@ func removeAllFinalizers(ctx context.Context, t framework.TestingT, gvk schema.G list := &unstructured.UnstructuredList{} list.SetGroupVersionKind(gvk) - require.NoError(t, t.List(ctx, list)) - for i := range list.Items { - item := list.Items[i] - item.SetFinalizers(nil) - require.NoError(t, t.Update(ctx, &item)) + // swallow errors for non-existent crds + if err := t.List(ctx, list); err == nil { + for i := range list.Items { + item := list.Items[i] + item.SetFinalizers(nil) + require.NoError(t, t.Update(ctx, &item)) + } } } diff --git a/acceptance/steps/k8s.go b/acceptance/steps/k8s.go index 9d0250413..e83e46a18 100644 --- a/acceptance/steps/k8s.go +++ b/acceptance/steps/k8s.go @@ -16,6 +16,11 @@ import ( redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" ) +// this is a nasty hack due to the fact that we can't disable the linter for typecheck +// that reports sigs.k8s.io/controller-runtime/pkg/client as unused when it's solely used +// for type assertions +var _ client.Object = (client.Object)(nil) + func kubernetesObjectHasClusterOwner(ctx context.Context, t framework.TestingT, groupVersionKind, resourceName, clusterName string) { var cluster redpandav1alpha2.Redpanda diff --git a/acceptance/steps/manifest.go b/acceptance/steps/manifest.go index 2b6676086..c0f6e0648 100644 --- a/acceptance/steps/manifest.go +++ b/acceptance/steps/manifest.go @@ -33,3 +33,7 @@ func iApplyKubernetesManifest(ctx context.Context, t framework.TestingT, manifes t.ApplyManifest(ctx, file.Name()) } + +func iInstallLocalCRDs(ctx context.Context, t framework.TestingT, directory string) { + t.ApplyManifest(ctx, directory) +} diff --git a/acceptance/steps/operator.go b/acceptance/steps/operator.go index 32774dd98..9c1fe774e 100644 --- a/acceptance/steps/operator.go +++ b/acceptance/steps/operator.go @@ -13,6 +13,9 @@ import ( "context" "fmt" "os" + "regexp" + "strconv" + "strings" "github.com/cucumber/godog" "github.com/stretchr/testify/require" @@ -50,9 +53,18 @@ func acceptServiceAccountMetricsRequest(ctx context.Context, serviceAccountName clientsForOperator(ctx, true, serviceAccountName, "").ExpectCorrectMetricsResponse(ctx) } -func createClusterRoleBinding(ctx context.Context, serviceAccountName, clusterRoleName string) { +func createClusterRoleBinding(ctx context.Context, serviceAccountName, clusterRoleRegexp string) { t := framework.T(ctx) + crs := &rbacv1.ClusterRoleList{} + require.NoError(t, t.List(ctx, crs)) + clusterRoleName := "" + for _, cr := range crs.Items { + if regexp.MustCompile(clusterRoleRegexp).Match([]byte(cr.Name)) { + clusterRoleName = cr.Name + } + } + require.NoError(t, t.Create(ctx, &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: serviceAccountName, @@ -112,9 +124,14 @@ func iInstallRedpandaHelmChartVersionWithTheValues(ctx context.Context, t framew require.NoError(t, os.RemoveAll(file.Name())) }) - // these are needed for old versions of the operator - t.ApplyManifest(ctx, fmt.Sprintf("https://raw.githubusercontent.com/redpanda-data/redpanda-operator/refs/tags/%s/operator/config/crd/bases/toolkit.fluxcd.io/helm-controller.yaml", version)) - t.ApplyManifest(ctx, fmt.Sprintf("https://raw.githubusercontent.com/redpanda-data/redpanda-operator/refs/tags/%s/operator/config/crd/bases/toolkit.fluxcd.io/source-controller.yaml", version)) + major, err := strconv.Atoi(strings.Split(strings.TrimPrefix(version, "v"), ".")[0]) + require.NoError(t, err) + + if major < 25 { + // these are needed for old versions of the operator + t.ApplyManifest(ctx, fmt.Sprintf("https://raw.githubusercontent.com/redpanda-data/redpanda-operator/refs/tags/%s/operator/config/crd/bases/toolkit.fluxcd.io/helm-controller.yaml", version)) + t.ApplyManifest(ctx, fmt.Sprintf("https://raw.githubusercontent.com/redpanda-data/redpanda-operator/refs/tags/%s/operator/config/crd/bases/toolkit.fluxcd.io/source-controller.yaml", version)) + } t.Cleanup(func(ctx context.Context) { // make sure we remove all finalizers for these or the CRD cleanup will get wedged diff --git a/acceptance/steps/register.go b/acceptance/steps/register.go index b03546afe..1997e7815 100644 --- a/acceptance/steps/register.go +++ b/acceptance/steps/register.go @@ -48,7 +48,7 @@ func init() { framework.RegisterStep(`^the operator is running$`, operatorIsRunning) framework.RegisterStep(`^its metrics endpoint should reject http request with status code "([^"]*)"$`, requestMetricsEndpointPlainHTTP) framework.RegisterStep(`^its metrics endpoint should reject authorization random token request with status code "([^"]*)"$`, requestMetricsEndpointWithTLSAndRandomToken) - framework.RegisterStep(`^"([^"]*)" service account has bounded "([^"]*)" cluster role$`, createClusterRoleBinding) + framework.RegisterStep(`^"([^"]*)" service account has bounded "([^"]*)" regexp cluster role name$`, createClusterRoleBinding) framework.RegisterStep(`^its metrics endpoint should accept https request with "([^"]*)" service account token$`, acceptServiceAccountMetricsRequest) // Helm migration scenario steps @@ -79,4 +79,5 @@ func init() { // Operator upgrade scenario steps framework.RegisterStep(`^I can upgrade to the latest operator with the values:$`, iCanUpgradeToTheLatestOperatorWithTheValues) framework.RegisterStep(`^I install redpanda helm chart version "([^"]*)" with the values:$`, iInstallRedpandaHelmChartVersionWithTheValues) + framework.RegisterStep(`^I install local CRDs from "([^"]*)"`, iInstallLocalCRDs) } diff --git a/charts/redpanda/README.md b/charts/redpanda/README.md index 6a24306a6..558ee4270 100644 --- a/charts/redpanda/README.md +++ b/charts/redpanda/README.md @@ -592,7 +592,7 @@ Annotations to add to the `rbac` resources. ### [rbac.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac.enabled) -Controls whether or not Roles, ClusterRoles, and bindings thereof will be generated. Disabling this very likely result in a non-functional deployment. If you use the Redpanda Operator, you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. +Controls whether or not Roles, ClusterRoles, and bindings thereof will be generated. Disabling this very likely result in a non-functional deployment. **Default:** `true` diff --git a/charts/redpanda/values.yaml b/charts/redpanda/values.yaml index bfde498ca..7aceb8ea8 100644 --- a/charts/redpanda/values.yaml +++ b/charts/redpanda/values.yaml @@ -731,8 +731,6 @@ rbac: # -- Controls whether or not Roles, ClusterRoles, and bindings thereof will # be generated. Disabling this very likely result in a non-functional # deployment. - # If you use the Redpanda Operator, you must deploy it with the `--set - # rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. enabled: true # -- Controls whether or not a Role and RoleBinding will be generated for the diff --git a/operator/api/redpanda/v1alpha1/redpanda_types.go b/operator/api/redpanda/v1alpha1/redpanda_types.go index 04aaaeb34..eeb0f45d4 100644 --- a/operator/api/redpanda/v1alpha1/redpanda_types.go +++ b/operator/api/redpanda/v1alpha1/redpanda_types.go @@ -31,13 +31,3 @@ type RedpandaList redpandav1alpha2.RedpandaList func init() { SchemeBuilder.Register(&Redpanda{}, &RedpandaList{}) } - -// RedpandaReady registers a successful reconciliation of the given HelmRelease. -func RedpandaReady(rp *Redpanda) *Redpanda { - return (*Redpanda)(redpandav1alpha2.RedpandaReady((*redpandav1alpha2.Redpanda)(rp))) -} - -// RedpandaNotReady registers a failed reconciliation of the given Redpanda. -func RedpandaNotReady(rp *Redpanda, reason, message string) *Redpanda { - return (*Redpanda)(redpandav1alpha2.RedpandaNotReady((*redpandav1alpha2.Redpanda)(rp), reason, message)) -} diff --git a/operator/api/redpanda/v1alpha2/redpanda_conversion.go b/operator/api/redpanda/v1alpha2/redpanda_conversion.go index 380135c66..d9fa32581 100644 --- a/operator/api/redpanda/v1alpha2/redpanda_conversion.go +++ b/operator/api/redpanda/v1alpha2/redpanda_conversion.go @@ -10,17 +10,9 @@ package v1alpha2 import ( - ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/conversion" ) var _ conversion.Hub = &Redpanda{} func (*Redpanda) Hub() {} - -// SetupWebhookWithManager will setup the manager to manage the webhooks -func (in *Redpanda) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(in). - Complete() -} diff --git a/operator/api/redpanda/v1alpha2/redpanda_types.go b/operator/api/redpanda/v1alpha2/redpanda_types.go index 0cfaa76c6..fd9564225 100644 --- a/operator/api/redpanda/v1alpha2/redpanda_types.go +++ b/operator/api/redpanda/v1alpha2/redpanda_types.go @@ -17,7 +17,6 @@ import ( "github.com/cockroachdb/errors" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/rest" @@ -273,14 +272,6 @@ func (in *Redpanda) GetHelmReleaseName() string { return in.Name } -func (in *Redpanda) GetHelmRepositoryName() string { - helmRepository := in.Spec.ChartRef.HelmRepositoryName - if helmRepository == "" { - helmRepository = "redpanda-repository" - } - return helmRepository -} - func (in *Redpanda) ValuesJSON() (*apiextensionsv1.JSON, error) { vyaml, err := json.Marshal(in.Spec.ClusterSpec) if err != nil { @@ -295,31 +286,6 @@ func (in *Redpanda) GenerationObserved() bool { return in.Generation != 0 && in.Generation == in.Status.ObservedGeneration } -// RedpandaReady registers a successful reconciliation of the given HelmRelease. -func RedpandaReady(rp *Redpanda) *Redpanda { - newCondition := metav1.Condition{ - Type: ReadyCondition, - Status: metav1.ConditionTrue, - Reason: "RedpandaClusterDeployed", - Message: "Redpanda reconciliation succeeded", - } - apimeta.SetStatusCondition(rp.GetConditions(), newCondition) - rp.Status.LastAppliedRevision = rp.Status.LastAttemptedRevision - return rp -} - -// RedpandaNotReady registers a failed reconciliation of the given Redpanda. -func RedpandaNotReady(rp *Redpanda, reason, message string) *Redpanda { - newCondition := metav1.Condition{ - Type: ReadyCondition, - Status: metav1.ConditionFalse, - Reason: reason, - Message: message, - } - apimeta.SetStatusCondition(rp.GetConditions(), newCondition) - return rp -} - // GetConditions returns the status conditions of the object. func (in *Redpanda) GetConditions() *[]metav1.Condition { return &in.Status.Conditions @@ -355,3 +321,48 @@ func (in *Redpanda) GetDot(restConfig *rest.Config) (*helmette.Dot, error) { IsUpgrade: true, }, in.Spec.ClusterSpec.DeepCopy()) } + +// MinimalRedpandaSpec returns a [RedpandaSpec] with the smallest resource +// footprint possible for use in integration and E2E tests. +func MinimalRedpandaSpec() RedpandaSpec { + return RedpandaSpec{ + // Any empty structs are to make setting them more ergonomic + // without having to worry about nil pointers. + ChartRef: ChartRef{}, + ClusterSpec: &RedpandaClusterSpec{ + Config: &Config{}, + External: &External{ + // Disable NodePort creation to stop broken tests from blocking others due to port conflicts. + Enabled: ptr.To(false), + }, + Image: &RedpandaImage{ + Repository: ptr.To("redpandadata/redpanda"), // Use docker.io to make caching easier and to not inflate our own metrics. + }, + Console: &RedpandaConsole{ + Enabled: ptr.To(false), // Speed up most cases by not enabling console to start. + }, + Statefulset: &Statefulset{ + Replicas: ptr.To(1), // Speed up tests ever so slightly. + PodAntiAffinity: &PodAntiAffinity{ + // Disable the default "hard" affinity so we can + // schedule multiple redpanda Pods on a single + // kubernetes node. Useful for tests that require > 3 + // brokers. + Type: ptr.To("soft"), + }, + // Speeds up managed decommission tests. Decommissioned + // nodes will take the entirety of + // TerminationGracePeriodSeconds as the pre-stop hook + // doesn't account for decommissioned nodes. + TerminationGracePeriodSeconds: ptr.To(10), + }, + Resources: &Resources{ + CPU: &CPU{ + // Inform redpanda/seastar that it's not going to get + // all the resources it's promised. + Overprovisioned: ptr.To(true), + }, + }, + }, + } +} diff --git a/operator/chart/README.md b/operator/chart/README.md index 09db512ac..aaa0fbe3c 100644 --- a/operator/chart/README.md +++ b/operator/chart/README.md @@ -247,7 +247,7 @@ Role-based Access Control (RBAC) configuration for the Redpanda Operator. **Default:** ``` -{"create":true,"createAdditionalControllerCRs":true,"createRPKBundleCRs":true} +{"create":true,"createAdditionalControllerCRs":true} ``` ### [rbac.create](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=rbac.create) @@ -262,12 +262,6 @@ Create RBAC cluster roles needed for the Redpanda Helm chart's 'rbac.enabled' fe **Default:** `true` -### [rbac.createRPKBundleCRs](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=rbac.createRPKBundleCRs) - -Create ClusterRoles needed for the Redpanda Helm chart's 'rbac.rpkDebugBundle' feature. - -**Default:** `true` - ### [replicaCount](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=replicaCount) Sets the number of instances of the Redpanda Operator to deploy. Each instance is deployed as a Pod. All instances are managed by a Deployment resource. @@ -280,12 +274,6 @@ Sets resources requests/limits for Redpanda Operator Pods. By default requests a **Default:** `{}` -### [scope](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=scope) - -Sets the scope of the Redpanda Operator. Valid values are `Cluster` or `Namespace`. The Cluster scope is deprecated because it deploys the deprecated version of the Redpanda Operator. Use the default Namespace scope. In the Namespace scope, the Redpanda Operator manages Redpanda resources that are deployed in the same namespace as itself. - -**Default:** `"Namespace"` - ### [serviceAccount](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=serviceAccount) Service account management. diff --git a/operator/chart/chart.go b/operator/chart/chart.go index b2a98be0a..5e1f9cc46 100644 --- a/operator/chart/chart.go +++ b/operator/chart/chart.go @@ -62,18 +62,10 @@ func render(dot *helmette.Dot) []kube.Object { CRDJobServiceAccount(dot), } - for _, role := range Roles(dot) { - manifests = append(manifests, &role) - } - for _, cr := range ClusterRoles(dot) { manifests = append(manifests, &cr) } - for _, rb := range RoleBindings(dot) { - manifests = append(manifests, &rb) - } - for _, crb := range ClusterRoleBindings(dot) { manifests = append(manifests, &crb) } diff --git a/operator/chart/chart_test.go b/operator/chart/chart_test.go index 1a703db4c..f50d38167 100644 --- a/operator/chart/chart_test.go +++ b/operator/chart/chart_test.go @@ -19,6 +19,7 @@ import ( "strconv" "strings" "testing" + "time" fuzz "github.com/google/gofuzz" "github.com/santhosh-tekuri/jsonschema/v5" @@ -27,18 +28,25 @@ import ( "golang.org/x/tools/txtar" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" + apimeta "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" "github.com/redpanda-data/redpanda-operator/charts/redpanda/v5" "github.com/redpanda-data/redpanda-operator/gotohelm/helmette" + redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" "github.com/redpanda-data/redpanda-operator/operator/cmd/run" + "github.com/redpanda-data/redpanda-operator/operator/internal/controller" + "github.com/redpanda-data/redpanda-operator/operator/internal/statuses" "github.com/redpanda-data/redpanda-operator/pkg/helm" + "github.com/redpanda-data/redpanda-operator/pkg/k3d" "github.com/redpanda-data/redpanda-operator/pkg/kube" "github.com/redpanda-data/redpanda-operator/pkg/testutil" + "github.com/redpanda-data/redpanda-operator/pkg/vcluster" ) type ImageAnnotation struct { @@ -46,6 +54,165 @@ type ImageAnnotation struct { Image string `json:"image"` } +func TestIntegrationChart(t *testing.T) { + testutil.SkipIfNotIntegration(t) + + host, err := k3d.GetShared() + require.NoError(t, err) + + require.NoError(t, host.ImportImage("localhost/redpanda-operator:dev")) + + isStable := func(rp *redpandav1alpha2.Redpanda, err error) (bool, error) { + if err != nil { + return false, err + } + + stable := apimeta.FindStatusCondition(rp.Status.Conditions, statuses.ClusterStable) + if stable == nil { + return false, nil + } + + ready := stable.Status == metav1.ConditionTrue + upToDate := rp.Generation == stable.ObservedGeneration + return upToDate && ready, nil + } + + t.Run("default", func(t *testing.T) { + t.Parallel() + + cluster := vcluster.ForTest(t, host) + + ctl, err := kube.FromRESTConfig(cluster.RESTConfig(), kube.Options{ + Options: client.Options{ + Scheme: controller.V2Scheme, + }, + }) + require.NoError(t, err) + + configForCLITools, err := cluster.PortForwardedRESTConfig(t.Context()) + require.NoError(t, err) + + helmClient, err := helm.New(helm.Options{ + KubeConfig: configForCLITools, + ConfigHome: testutil.TempDir(t), + }) + require.NoError(t, err) + + operatorNamespace := "redpanda-operator" + operatorChart := "." + + release, err := helmClient.Install(t.Context(), operatorChart, helm.InstallOptions{ + CreateNamespace: true, + Name: operatorNamespace, + Namespace: operatorNamespace, + Values: PartialValues{ + CRDs: &PartialCRDs{Enabled: ptr.To(true)}, + Image: &PartialImage{ + Repository: ptr.To("localhost/redpanda-operator"), + PullPolicy: ptr.To(corev1.PullNever), + Tag: ptr.To("dev"), + }, + }, + }) + require.NoError(t, err) + + // Create Redpanda resource in namespace where operator is deployed along with 2 new Redpandas custom resources in different namespaces + require.NoError(t, kube.ApplyAll(t.Context(), ctl, + &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{Name: "rp-2"}, + }, + &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{Name: "rp-3"}, + })) + + // Apply 3 redpanda CRs across different namespaces (included the one + // the operator is installed in) and observe that they eventually + // become stable. + require.NoError(t, kube.ApplyAllAndWait( + t.Context(), + ctl, + isStable, + testRP("rp-1", release.Namespace), + testRP("rp-2", "rp-2"), + testRP("rp-3", "rp-3"), + )) + }) + + t.Run("namespaced", func(t *testing.T) { + t.Parallel() + + cluster := vcluster.ForTest(t, host) + + ctl, err := kube.FromRESTConfig(cluster.RESTConfig(), kube.Options{ + Options: client.Options{ + Scheme: controller.V2Scheme, + }, + }) + require.NoError(t, err) + + configForCLITools, err := cluster.PortForwardedRESTConfig(t.Context()) + require.NoError(t, err) + + helmClient, err := helm.New(helm.Options{ + KubeConfig: configForCLITools, + ConfigHome: testutil.TempDir(t), + }) + require.NoError(t, err) + + operatorNamespace := "redpanda-operator" + operatorChart := "." + + release, err := helmClient.Install(t.Context(), operatorChart, helm.InstallOptions{ + CreateNamespace: true, + Name: operatorNamespace, + Namespace: operatorNamespace, + Values: PartialValues{ + CRDs: &PartialCRDs{Enabled: ptr.To(true)}, + AdditionalCmdFlags: []string{fmt.Sprintf("--namespace=%s", operatorNamespace)}, + Image: &PartialImage{ + Repository: ptr.To("localhost/redpanda-operator"), + PullPolicy: ptr.To(corev1.PullNever), + Tag: ptr.To("dev"), + }, + }, + }) + require.NoError(t, err) + + // Create Redpanda resource in namespace where operator is deployed, but other Redpanda resources in different namespaces + // will not be reconciled + require.NoError(t, kube.ApplyAll(t.Context(), ctl, + &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{Name: "rp-2"}, + }, + &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{Name: "rp-3"}, + })) + + // Assert that we can create a redpanda CR that becomes stable in the namespace specified by --namespace. + require.NoError(t, kube.ApplyAndWait(t.Context(), ctl, testRP("rp-1", release.Namespace), isStable)) + + // redpanda CR's created in other namespaces will not be reconciled. + require.NoError(t, kube.ApplyAllAndWait(t.Context(), ctl, + func(rp *redpandav1alpha2.Redpanda, err error) (bool, error) { + if err != nil { + return false, err + } + + // We define "not reconciled" as not having an ObservedGeneration set for at least 5 seconds. + return time.Since(rp.CreationTimestamp.Time) >= 5*time.Second && rp.Generation != 0 && rp.Status.ObservedGeneration == 0, nil + }, + testRP("rp-2", "rp-2"), + testRP("rp-3", "rp-3"))) + }) +} + +func testRP(name string, namespace string) *redpandav1alpha2.Redpanda { + return &redpandav1alpha2.Redpanda{ + ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}, + Spec: redpandav1alpha2.MinimalRedpandaSpec(), + } +} + func TestChartYaml(t *testing.T) { const changieCmd = "changie latest -j operator" const operatorRepo = "docker.redpanda.com/redpandadata/redpanda-operator" @@ -88,19 +255,13 @@ func TestRBACBindings(t *testing.T) { }, }, { - name: "rpk-debug-bundle", + name: "vectorized-controllers", values: PartialValues{ - RBAC: &PartialRBAC{ - CreateRPKBundleCRs: ptr.To(true), + VectorizedControllers: &PartialVectorizedControllers{ + Enabled: ptr.To(true), }, }, }, - { - name: "cluster-scope", - values: PartialValues{ - Scope: ptr.To(Cluster), - }, - }, } for _, tc := range testCases { @@ -194,7 +355,8 @@ func TestRBACIsSuperSetOfRedpanda(t *testing.T) { redpandaClusterRoleRules, redpandaRoleRules := ExtractRules(redpandaObjs) operatorClusterRoleRules, operatorRoleRules := ExtractRules(operatorObjs) - assertRulesSuperSet(t, operatorRoleRules, redpandaRoleRules) + require.Empty(t, operatorRoleRules, "all operator permissions should be created in the cluster scope") + assertRulesSuperSet(t, operatorClusterRoleRules, redpandaRoleRules) assertRulesSuperSet(t, operatorClusterRoleRules, redpandaClusterRoleRules) }) } @@ -320,49 +482,38 @@ func TestGenerateCases(t *testing.T) { require.NoError(t, err) files := make([]txtar.File, 0, 100) - for _, scope := range []OperatorScope{Namespace, Cluster} { - nilChance := float64(0.8) - for i := 0; i < 50; i++ { - // Every 5 iterations, decrease nil chance to ensure that we're biased - // towards exploring most cases. - if i%5 == 0 && nilChance > .1 { - nilChance -= .1 - } + nilChance := float64(0.8) + for i := 0; i < 50; i++ { + // Every 5 iterations, decrease nil chance to ensure that we're biased + // towards exploring most cases. + if i%5 == 0 && nilChance > .1 { + nilChance -= .1 + } - var values PartialValues - fuzzer.NilChance(nilChance).Fuzz(&values) - // Special case as fuzzer does not assign correctly scope - values.Scope = &scope - if scope == Cluster { - values.Webhook = &PartialWebhook{Enabled: ptr.To(true)} - } else { - values.Webhook = &PartialWebhook{Enabled: ptr.To(false)} - } - makeSureTagIsNotEmptyString(values, fuzzer) + var values PartialValues + fuzzer.NilChance(nilChance).Fuzz(&values) + // Special case as fuzzer does not assign correctly scope + makeSureTagIsNotEmptyString(values, fuzzer) - out, err := yaml.Marshal(values) - require.NoError(t, err) + out, err := yaml.Marshal(values) + require.NoError(t, err) - merged, err := helm.MergeYAMLValues(DefaultValuesYAML, out) - require.NoError(t, err) + merged, err := helm.MergeYAMLValues(DefaultValuesYAML, out) + require.NoError(t, err) - // Ensure that our generated values comply with the schema set by the chart. - if err := schema.Validate(merged); err != nil { - t.Logf("Generated invalid values; trying again...\n%v", err) - i-- - continue - } + // Ensure that our generated values comply with the schema set by the chart. + if err := schema.Validate(merged); err != nil { + t.Logf("Generated invalid values; trying again...\n%v", err) + i-- + continue + } - index := i - if scope == Cluster { - index += 50 - } + index := i - files = append(files, txtar.File{ - Name: fmt.Sprintf("case-%03d", index), - Data: out, - }) - } + files = append(files, txtar.File{ + Name: fmt.Sprintf("case-%03d", index), + Data: out, + }) } archive := txtar.Format(&txtar.Archive{ diff --git a/operator/chart/deployment.go b/operator/chart/deployment.go index cc46f40f3..04347ea5e 100644 --- a/operator/chart/deployment.go +++ b/operator/chart/deployment.go @@ -207,12 +207,6 @@ func containerImage(dot *helmette.Dot) string { return fmt.Sprintf("%s:%s", values.Image.Repository, tag) } -func isWebhookEnabled(dot *helmette.Dot) bool { - values := helmette.Unwrap[Values](dot.Values) - - return values.Webhook.Enabled && values.Scope == Cluster -} - func operatorPodVolumes(dot *helmette.Dot) []corev1.Volume { values := helmette.Unwrap[Values](dot.Values) @@ -220,7 +214,7 @@ func operatorPodVolumes(dot *helmette.Dot) []corev1.Volume { serviceAccountTokenVolume(), } - if !isWebhookEnabled(dot) { + if !values.Webhook.Enabled { return vol } @@ -296,9 +290,11 @@ func serviceAccountTokenVolumeMount() corev1.VolumeMount { } func operatorPodVolumesMounts(dot *helmette.Dot) []corev1.VolumeMount { + values := helmette.Unwrap[Values](dot.Values) + volMount := []corev1.VolumeMount{serviceAccountTokenVolumeMount()} - if !isWebhookEnabled(dot) { + if !values.Webhook.Enabled { return volMount } @@ -318,21 +314,19 @@ func operatorArguments(dot *helmette.Dot) []string { "--health-probe-bind-address=:8081", "--metrics-bind-address=:8443", "--leader-elect", - fmt.Sprintf("--webhook-enabled=%t", isWebhookEnabled(dot)), + fmt.Sprintf("--log-level=%s", values.LogLevel), + fmt.Sprintf("--webhook-enabled=%t", values.Webhook.Enabled), } - if isWebhookEnabled(dot) { + if values.Webhook.Enabled { args = append(args, "--webhook-enabled=true", fmt.Sprintf("--webhook-cert-path=%s", webhookCertificatePath), ) } - if values.Scope == Namespace { - args = append(args, - fmt.Sprintf("--namespace=%s", dot.Release.Namespace), - fmt.Sprintf("--log-level=%s", values.LogLevel), - ) + if values.VectorizedControllers.Enabled { + args = append(args, "--enable-vectorized-controllers") } hasConfiguratorTag := false diff --git a/operator/chart/files/rbac/old-decommission.ClusterRole.yaml b/operator/chart/files/rbac/old-decommission.ClusterRole.yaml index 6cf56c567..61fbdaae9 100644 --- a/operator/chart/files/rbac/old-decommission.ClusterRole.yaml +++ b/operator/chart/files/rbac/old-decommission.ClusterRole.yaml @@ -8,11 +8,23 @@ rules: - "" resources: - configmaps + - pods - secrets verbs: - get - list - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -23,6 +35,13 @@ rules: - patch - update - watch + - apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update - apiGroups: - cluster.redpanda.com resources: diff --git a/operator/chart/files/rbac/old-decommission.Role.yaml b/operator/chart/files/rbac/old-decommission.Role.yaml deleted file mode 100644 index 720c564ce..000000000 --- a/operator/chart/files/rbac/old-decommission.Role.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: old-decommission - namespace: default -rules: - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - patch - - update diff --git a/operator/chart/files/rbac/v2-manager.ClusterRole.yaml b/operator/chart/files/rbac/v2-manager.ClusterRole.yaml index 1370691d3..7b724e558 100644 --- a/operator/chart/files/rbac/v2-manager.ClusterRole.yaml +++ b/operator/chart/files/rbac/v2-manager.ClusterRole.yaml @@ -4,6 +4,87 @@ kind: ClusterRole metadata: name: v2-manager rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cluster.redpanda.com resources: @@ -48,11 +129,62 @@ rules: - patch - update - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create - delete diff --git a/operator/chart/files/rbac/v2-manager.Role.yaml b/operator/chart/files/rbac/v2-manager.Role.yaml deleted file mode 100644 index 0a35eeb83..000000000 --- a/operator/chart/files/rbac/v2-manager.Role.yaml +++ /dev/null @@ -1,150 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: v2-manager - namespace: default -rules: - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - certificates - - issuers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch diff --git a/operator/chart/pre_install_crd_job.go b/operator/chart/pre_install_crd_job.go index e4c4b1af2..f3bf974cb 100644 --- a/operator/chart/pre_install_crd_job.go +++ b/operator/chart/pre_install_crd_job.go @@ -23,8 +23,6 @@ import ( // This is a pre-install job as the operator will crash loop without the CRDs // which deadlocks helm install commands. -// It, it's ServiceAccount, ClusterRole, and ClusterRoleBindings are all -// executed as a helm hook and removed upon success (or failure). func PreInstallCRDJob(dot *helmette.Dot) *batchv1.Job { values := helmette.Unwrap[Values](dot.Values) @@ -79,6 +77,10 @@ func crdJobContainers(dot *helmette.Dot) []corev1.Container { args = append(args, "--experimental") } + if values.VectorizedControllers.Enabled { + args = append(args, "--vectorized") + } + return []corev1.Container{ { Name: "crd-installation", diff --git a/operator/chart/rbac.go b/operator/chart/rbac.go index c935a8254..173a5051d 100644 --- a/operator/chart/rbac.go +++ b/operator/chart/rbac.go @@ -18,51 +18,47 @@ import ( ) type RBACBundle struct { - Name string - // NB: Subject is currently only used by ClusterRoles as we'll be moving to ClusterScope soon. - Subject string Enabled bool - RuleFiles []string + Name string + Subject string + RuleFiles map[string]bool Annotations map[string]string } -func clusterRoleBundles(dot *helmette.Dot) []RBACBundle { +func rbacBundles(dot *helmette.Dot) []RBACBundle { values := helmette.Unwrap[Values](dot.Values) - if !values.RBAC.Create { - return nil - } - return []RBACBundle{ { Name: Fullname(dot), + Enabled: true, Subject: ServiceAccountName(dot), - Enabled: values.Scope == Cluster, - RuleFiles: []string{ - "files/rbac/leader-election.ClusterRole.yaml", - "files/rbac/pvcunbinder.ClusterRole.yaml", - "files/rbac/rack-awareness.ClusterRole.yaml", // Rack awareness is a toggle on the CR, so we always need RBAC for it. - "files/rbac/v1-manager.ClusterRole.yaml", - }, - }, - { - Name: Fullname(dot), - Subject: ServiceAccountName(dot), - Enabled: values.Scope == Namespace, - RuleFiles: []string{ - "files/rbac/leader-election.ClusterRole.yaml", - "files/rbac/v2-manager.ClusterRole.yaml", + RuleFiles: map[string]bool{ + "files/rbac/leader-election.ClusterRole.yaml": true, + "files/rbac/leader-election.Role.yaml": true, + "files/rbac/pvcunbinder.ClusterRole.yaml": true, + "files/rbac/pvcunbinder.Role.yaml": true, + "files/rbac/rack-awareness.ClusterRole.yaml": true, // Rack awareness is a toggle on the CR, so we always need RBAC for it. + "files/rbac/rpk-debug-bundle.Role.yaml": true, // debug bundle permissions is a toggle on the CR, so we always need RBAC for it. + "files/rbac/sidecar.Role.yaml": true, // Sidecar is a toggle on the CR, so we always need RBAC for it. + "files/rbac/v1-manager.ClusterRole.yaml": values.VectorizedControllers.Enabled, + "files/rbac/v1-manager.Role.yaml": values.VectorizedControllers.Enabled, + "files/rbac/v2-manager.ClusterRole.yaml": true, }, }, { Name: cleanForK8sWithSuffix(Fullname(dot), "additional-controllers"), + Enabled: values.RBAC.CreateAdditionalControllerCRs, Subject: ServiceAccountName(dot), - Enabled: values.Scope == Namespace && values.RBAC.CreateAdditionalControllerCRs, - RuleFiles: []string{ - "files/rbac/decommission.ClusterRole.yaml", - "files/rbac/node-watcher.ClusterRole.yaml", // Deprecated but not yet removed. - "files/rbac/old-decommission.ClusterRole.yaml", // Deprecated but not yet removed. - "files/rbac/pvcunbinder.ClusterRole.yaml", + RuleFiles: map[string]bool{ + "files/rbac/decommission.ClusterRole.yaml": true, + "files/rbac/decommission.Role.yaml": true, + "files/rbac/node-watcher.ClusterRole.yaml": true, // Deprecated but not yet removed. + "files/rbac/node-watcher.Role.yaml": true, // Deprecated but not yet removed. + "files/rbac/old-decommission.ClusterRole.yaml": true, // Deprecated but not yet removed. + "files/rbac/old-decommission.Role.yaml": true, // Deprecated but not yet removed. + "files/rbac/pvcunbinder.ClusterRole.yaml": true, + "files/rbac/pvcunbinder.Role.yaml": true, }, }, // ClusterRole for the CRD installation Job. @@ -75,8 +71,8 @@ func clusterRoleBundles(dot *helmette.Dot) []RBACBundle { "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded,hook-failed", "helm.sh/hook-weight": "-10", }, - RuleFiles: []string{ - "files/rbac/crd-installation.ClusterRole.yaml", + RuleFiles: map[string]bool{ + "files/rbac/crd-installation.ClusterRole.yaml": true, }, }, } @@ -97,7 +93,7 @@ func ClusterRoles(dot *helmette.Dot) []rbacv1.ClusterRole { Kind: "ClusterRole", }, ObjectMeta: metav1.ObjectMeta{ - Name: cleanForK8sWithSuffix(Fullname(dot), "metrics-reader"), + Name: cleanForK8sWithSuffix(Fullname(dot)+"-"+dot.Release.Namespace, "metrics-reader"), Labels: Labels(dot), Annotations: values.Annotations, }, @@ -110,13 +106,17 @@ func ClusterRoles(dot *helmette.Dot) []rbacv1.ClusterRole { }, } - for _, bundle := range clusterRoleBundles(dot) { + for _, bundle := range rbacBundles(dot) { if !bundle.Enabled { continue } var rules []rbacv1.PolicyRule - for _, file := range bundle.RuleFiles { + for file, enabled := range helmette.SortedMap(bundle.RuleFiles) { + if !enabled { + continue + } + clusterRole := helmette.FromYaml[rbacv1.ClusterRole](dot.Files.Get(file)) rules = append(rules, clusterRole.Rules...) } @@ -141,85 +141,6 @@ func ClusterRoles(dot *helmette.Dot) []rbacv1.ClusterRole { return clusterRoles } -func Roles(dot *helmette.Dot) []rbacv1.Role { - values := helmette.Unwrap[Values](dot.Values) - - if !values.RBAC.Create { - return nil - } - - bundles := []RBACBundle{ - { - Name: cleanForK8sWithSuffix(Fullname(dot), "election-role"), - Enabled: true, - RuleFiles: []string{ - "files/rbac/leader-election.Role.yaml", - }, - }, - { - Name: Fullname(dot), - Enabled: values.Scope == Cluster, - RuleFiles: []string{ - "files/rbac/pvcunbinder.Role.yaml", - }, - }, - { - Name: Fullname(dot), - Enabled: values.Scope == Namespace, - RuleFiles: []string{ - "files/rbac/sidecar.Role.yaml", // Sidecar is a toggle on the CR, so we always need RBAC for it. - "files/rbac/v2-manager.Role.yaml", - }, - }, - { - Name: Fullname(dot) + "-additional-controllers", - Enabled: values.Scope == Namespace && values.RBAC.CreateAdditionalControllerCRs, - RuleFiles: []string{ - "files/rbac/decommission.Role.yaml", - "files/rbac/node-watcher.Role.yaml", // Deprecated but not yet removed. - "files/rbac/old-decommission.Role.yaml", // Deprecated but not yet removed. - "files/rbac/pvcunbinder.Role.yaml", - }, - }, - { - Name: cleanForK8sWithSuffix(Fullname(dot), "rpk-bundle"), - Enabled: values.RBAC.CreateRPKBundleCRs, - RuleFiles: []string{ - "files/rbac/rpk-debug-bundle.Role.yaml", - }, - }, - } - - var roles []rbacv1.Role - for _, bundle := range bundles { - if !bundle.Enabled { - continue - } - - var rules []rbacv1.PolicyRule - for _, file := range bundle.RuleFiles { - clusterRole := helmette.FromYaml[rbacv1.Role](dot.Files.Get(file)) - rules = append(rules, clusterRole.Rules...) - } - - roles = append(roles, rbacv1.Role{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "rbac.authorization.k8s.io/v1", - Kind: "Role", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: bundle.Name, - Namespace: dot.Release.Namespace, - Labels: Labels(dot), - Annotations: values.Annotations, - }, - Rules: rules, - }) - } - - return roles -} - func ClusterRoleBindings(dot *helmette.Dot) []rbacv1.ClusterRoleBinding { values := helmette.Unwrap[Values](dot.Values) @@ -229,7 +150,7 @@ func ClusterRoleBindings(dot *helmette.Dot) []rbacv1.ClusterRoleBinding { // NB: We skip over making a binding for the metrics viewer role. var bindings []rbacv1.ClusterRoleBinding - for _, bundle := range clusterRoleBundles(dot) { + for _, bundle := range rbacBundles(dot) { if !bundle.Enabled { continue } @@ -264,41 +185,3 @@ func ClusterRoleBindings(dot *helmette.Dot) []rbacv1.ClusterRoleBinding { return bindings } - -func RoleBindings(dot *helmette.Dot) []rbacv1.RoleBinding { - values := helmette.Unwrap[Values](dot.Values) - - if !values.RBAC.Create { - return nil - } - - var bindings []rbacv1.RoleBinding - for _, role := range Roles(dot) { - bindings = append(bindings, rbacv1.RoleBinding{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "rbac.authorization.k8s.io/v1", - Kind: "RoleBinding", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: role.ObjectMeta.Name, - Namespace: dot.Release.Namespace, - Labels: Labels(dot), - Annotations: values.Annotations, - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: "rbac.authorization.k8s.io", - Kind: "Role", - Name: role.ObjectMeta.Name, - }, - Subjects: []rbacv1.Subject{ - { - Kind: "ServiceAccount", - Name: ServiceAccountName(dot), - Namespace: dot.Release.Namespace, - }, - }, - }) - } - - return bindings -} diff --git a/operator/chart/service.go b/operator/chart/service.go index eb5270efb..00bbae9f9 100644 --- a/operator/chart/service.go +++ b/operator/chart/service.go @@ -25,7 +25,7 @@ import ( func WebhookService(dot *helmette.Dot) *corev1.Service { values := helmette.Unwrap[Values](dot.Values) - if !(values.Webhook.Enabled && values.Scope == Cluster) { + if !values.Webhook.Enabled { return nil } @@ -82,7 +82,7 @@ func MetricsService(dot *helmette.Dot) *corev1.Service { func MutatingWebhookConfiguration(dot *helmette.Dot) *admissionregistrationv1.MutatingWebhookConfiguration { values := helmette.Unwrap[Values](dot.Values) - if !values.Webhook.Enabled || values.Scope != "Cluster" { + if !values.Webhook.Enabled { return nil } @@ -132,7 +132,7 @@ func MutatingWebhookConfiguration(dot *helmette.Dot) *admissionregistrationv1.Mu func ValidatingWebhookConfiguration(dot *helmette.Dot) *admissionregistrationv1.ValidatingWebhookConfiguration { values := helmette.Unwrap[Values](dot.Values) - if !values.Webhook.Enabled || values.Scope != "Cluster" { + if !values.Webhook.Enabled { return nil } diff --git a/operator/chart/templates/_chart.go.tpl b/operator/chart/templates/_chart.go.tpl index c9f1fc21f..6c48b59a7 100644 --- a/operator/chart/templates/_chart.go.tpl +++ b/operator/chart/templates/_chart.go.tpl @@ -5,24 +5,12 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $manifests := (list (get (fromJson (include "operator.Issuer" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.Certificate" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ConfigMap" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.MetricsService" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.WebhookService" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.MutatingWebhookConfiguration" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ValidatingWebhookConfiguration" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ServiceAccount" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ServiceMonitor" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.Deployment" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.PreInstallCRDJob" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.CRDJobServiceAccount" (dict "a" (list $dot)))) "r")) -}} -{{- range $_, $role := (get (fromJson (include "operator.Roles" (dict "a" (list $dot)))) "r") -}} -{{- $manifests = (concat (default (list) $manifests) (list $role)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} {{- range $_, $cr := (get (fromJson (include "operator.ClusterRoles" (dict "a" (list $dot)))) "r") -}} {{- $manifests = (concat (default (list) $manifests) (list $cr)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $rb := (get (fromJson (include "operator.RoleBindings" (dict "a" (list $dot)))) "r") -}} -{{- $manifests = (concat (default (list) $manifests) (list $rb)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} {{- range $_, $crb := (get (fromJson (include "operator.ClusterRoleBindings" (dict "a" (list $dot)))) "r") -}} {{- $manifests = (concat (default (list) $manifests) (list $crb)) -}} {{- end -}} diff --git a/operator/chart/templates/_deployment.go.tpl b/operator/chart/templates/_deployment.go.tpl index 14da09d5e..636301063 100644 --- a/operator/chart/templates/_deployment.go.tpl +++ b/operator/chart/templates/_deployment.go.tpl @@ -89,24 +89,13 @@ {{- end -}} {{- end -}} -{{- define "operator.isWebhookEnabled" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $values := $dot.Values.AsMap -}} -{{- $_is_returning = true -}} -{{- (dict "r" (and $values.webhook.enabled (eq $values.scope "Cluster"))) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - {{- define "operator.operatorPodVolumes" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $vol := (list (get (fromJson (include "operator.serviceAccountTokenVolume" (dict "a" (list)))) "r")) -}} -{{- if (not (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r")) -}} +{{- if (not $values.webhook.enabled) -}} {{- $_is_returning = true -}} {{- (dict "r" $vol) | toJson -}} {{- break -}} @@ -140,8 +129,9 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} {{- $volMount := (list (get (fromJson (include "operator.serviceAccountTokenVolumeMount" (dict "a" (list)))) "r")) -}} -{{- if (not (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r")) -}} +{{- if (not $values.webhook.enabled) -}} {{- $_is_returning = true -}} {{- (dict "r" $volMount) | toJson -}} {{- break -}} @@ -158,12 +148,12 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $args := (list "--health-probe-bind-address=:8081" "--metrics-bind-address=:8443" "--leader-elect" (printf "--webhook-enabled=%t" (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r"))) -}} -{{- if (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r") -}} +{{- $args := (list "--health-probe-bind-address=:8081" "--metrics-bind-address=:8443" "--leader-elect" (printf "--log-level=%s" $values.logLevel) (printf "--webhook-enabled=%t" $values.webhook.enabled)) -}} +{{- if $values.webhook.enabled -}} {{- $args = (concat (default (list) $args) (list "--webhook-enabled=true" (printf "--webhook-cert-path=%s" "/tmp/k8s-webhook-server/serving-certs"))) -}} {{- end -}} -{{- if (eq $values.scope "Namespace") -}} -{{- $args = (concat (default (list) $args) (list (printf "--namespace=%s" $dot.Release.Namespace) (printf "--log-level=%s" $values.logLevel))) -}} +{{- if $values.vectorizedControllers.enabled -}} +{{- $args = (concat (default (list) $args) (list "--enable-vectorized-controllers")) -}} {{- end -}} {{- $hasConfiguratorTag := false -}} {{- $hasConfiguratorImage := false -}} diff --git a/operator/chart/templates/_post-install-crd-job.go.tpl b/operator/chart/templates/_post-install-crd-job.go.tpl index 5bcd5d197..f0e4f36d3 100644 --- a/operator/chart/templates/_post-install-crd-job.go.tpl +++ b/operator/chart/templates/_post-install-crd-job.go.tpl @@ -25,6 +25,9 @@ {{- if $values.crds.experimental -}} {{- $args = (concat (default (list) $args) (list "--experimental")) -}} {{- end -}} +{{- if $values.vectorizedControllers.enabled -}} +{{- $args = (concat (default (list) $args) (list "--vectorized")) -}} +{{- end -}} {{- $_is_returning = true -}} {{- (dict "r" (list (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "crd-installation" "image" (get (fromJson (include "operator.containerImage" (dict "a" (list $dot)))) "r") "imagePullPolicy" $values.image.pullPolicy "command" (list "/redpanda-operator") "args" $args "securityContext" (mustMergeOverwrite (dict) (dict "allowPrivilegeEscalation" false)) "volumeMounts" (list (get (fromJson (include "operator.serviceAccountTokenVolumeMount" (dict "a" (list)))) "r")) "resources" $values.resources)))) | toJson -}} {{- break -}} diff --git a/operator/chart/templates/_rbac.go.tpl b/operator/chart/templates/_rbac.go.tpl index 7145a00fd..4cda58d46 100644 --- a/operator/chart/templates/_rbac.go.tpl +++ b/operator/chart/templates/_rbac.go.tpl @@ -1,17 +1,12 @@ {{- /* Generated from "rbac.go" */ -}} -{{- define "operator.clusterRoleBundles" -}} +{{- define "operator.rbacBundles" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (not $values.rbac.create) -}} {{- $_is_returning = true -}} -{{- (dict "r" (coalesce nil)) | toJson -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" (list (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Subject" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml" "files/rbac/rack-awareness.ClusterRole.yaml" "files/rbac/v1-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Subject" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/v2-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "additional-controllers")))) "r") "Subject" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.ClusterRole.yaml" "files/rbac/node-watcher.ClusterRole.yaml" "files/rbac/old-decommission.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.CRDJobServiceAccountName" (dict "a" (list $dot)))) "r") "Enabled" (or $values.crds.enabled $values.crds.experimental) "Subject" (get (fromJson (include "operator.CRDJobServiceAccountName" (dict "a" (list $dot)))) "r") "Annotations" (dict "helm.sh/hook" "pre-install,pre-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation,hook-succeeded,hook-failed" "helm.sh/hook-weight" "-10") "RuleFiles" (list "files/rbac/crd-installation.ClusterRole.yaml"))))) | toJson -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "Enabled" false "Name" "" "Subject" "" "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" true "Subject" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "RuleFiles" (dict "files/rbac/leader-election.ClusterRole.yaml" true "files/rbac/leader-election.Role.yaml" true "files/rbac/pvcunbinder.ClusterRole.yaml" true "files/rbac/pvcunbinder.Role.yaml" true "files/rbac/rack-awareness.ClusterRole.yaml" true "files/rbac/rpk-debug-bundle.Role.yaml" true "files/rbac/sidecar.Role.yaml" true "files/rbac/v1-manager.ClusterRole.yaml" $values.vectorizedControllers.enabled "files/rbac/v1-manager.Role.yaml" $values.vectorizedControllers.enabled "files/rbac/v2-manager.ClusterRole.yaml" true))) (mustMergeOverwrite (dict "Enabled" false "Name" "" "Subject" "" "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "additional-controllers")))) "r") "Enabled" $values.rbac.createAdditionalControllerCRs "Subject" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "RuleFiles" (dict "files/rbac/decommission.ClusterRole.yaml" true "files/rbac/decommission.Role.yaml" true "files/rbac/node-watcher.ClusterRole.yaml" true "files/rbac/node-watcher.Role.yaml" true "files/rbac/old-decommission.ClusterRole.yaml" true "files/rbac/old-decommission.Role.yaml" true "files/rbac/pvcunbinder.ClusterRole.yaml" true "files/rbac/pvcunbinder.Role.yaml" true))) (mustMergeOverwrite (dict "Enabled" false "Name" "" "Subject" "" "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.CRDJobServiceAccountName" (dict "a" (list $dot)))) "r") "Enabled" (or $values.crds.enabled $values.crds.experimental) "Subject" (get (fromJson (include "operator.CRDJobServiceAccountName" (dict "a" (list $dot)))) "r") "Annotations" (dict "helm.sh/hook" "pre-install,pre-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation,hook-succeeded,hook-failed" "helm.sh/hook-weight" "-10") "RuleFiles" (dict "files/rbac/crd-installation.ClusterRole.yaml" true))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -26,61 +21,29 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $clusterRoles := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "metrics-reader")))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil)) (dict "verbs" (list "get") "nonResourceURLs" (list "/metrics"))))))) -}} -{{- range $_, $bundle := (get (fromJson (include "operator.clusterRoleBundles" (dict "a" (list $dot)))) "r") -}} +{{- $clusterRoles := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (printf "%s%s" (printf "%s%s" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "-") $dot.Release.Namespace) "metrics-reader")))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil)) (dict "verbs" (list "get") "nonResourceURLs" (list "/metrics"))))))) -}} +{{- range $_, $bundle := (get (fromJson (include "operator.rbacBundles" (dict "a" (list $dot)))) "r") -}} {{- if (not $bundle.Enabled) -}} {{- continue -}} {{- end -}} {{- $rules := (coalesce nil) -}} -{{- range $_, $file := $bundle.RuleFiles -}} -{{- $clusterRole := (get (fromJson (include "_shims.fromYaml" (dict "a" (list ($dot.Files.Get $file))))) "r") -}} -{{- $rules = (concat (default (list) $rules) (default (list) $clusterRole.rules)) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $clusterRoles = (concat (default (list) $clusterRoles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s%s" (printf "%s%s" $bundle.Name "-") $dot.Release.Namespace) "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" (merge (dict) (default (dict) $values.annotations) (default (dict) $bundle.Annotations)))) "rules" $rules)))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $clusterRoles) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - -{{- define "operator.Roles" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $values := $dot.Values.AsMap -}} -{{- if (not $values.rbac.create) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (coalesce nil)) | toJson -}} -{{- break -}} -{{- end -}} -{{- $bundles := (list (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "election-role")))) "r") "Enabled" true "RuleFiles" (list "files/rbac/leader-election.Role.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/sidecar.Role.yaml" "files/rbac/v2-manager.Role.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (printf "%s%s" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "-additional-controllers") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.Role.yaml" "files/rbac/node-watcher.Role.yaml" "files/rbac/old-decommission.Role.yaml" "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Name" "" "Subject" "" "Enabled" false "RuleFiles" (coalesce nil) "Annotations" (coalesce nil)) (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "rpk-bundle")))) "r") "Enabled" $values.rbac.createRPKBundleCRs "RuleFiles" (list "files/rbac/rpk-debug-bundle.Role.yaml")))) -}} -{{- $roles := (coalesce nil) -}} -{{- range $_, $bundle := $bundles -}} -{{- if (not $bundle.Enabled) -}} +{{- range $file, $enabled := $bundle.RuleFiles -}} +{{- if (not $enabled) -}} {{- continue -}} {{- end -}} -{{- $rules := (coalesce nil) -}} -{{- range $_, $file := $bundle.RuleFiles -}} {{- $clusterRole := (get (fromJson (include "_shims.fromYaml" (dict "a" (list ($dot.Files.Get $file))))) "r") -}} {{- $rules = (concat (default (list) $rules) (default (list) $clusterRole.rules)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $roles = (concat (default (list) $roles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $bundle.Name "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" $rules)))) -}} +{{- $clusterRoles = (concat (default (list) $clusterRoles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s%s" (printf "%s%s" $bundle.Name "-") $dot.Release.Namespace) "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" (merge (dict) (default (dict) $values.annotations) (default (dict) $bundle.Annotations)))) "rules" $rules)))) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" $roles) | toJson -}} +{{- (dict "r" $clusterRoles) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -96,7 +59,7 @@ {{- break -}} {{- end -}} {{- $bindings := (coalesce nil) -}} -{{- range $_, $bundle := (get (fromJson (include "operator.clusterRoleBundles" (dict "a" (list $dot)))) "r") -}} +{{- range $_, $bundle := (get (fromJson (include "operator.rbacBundles" (dict "a" (list $dot)))) "r") -}} {{- if (not $bundle.Enabled) -}} {{- continue -}} {{- end -}} @@ -111,26 +74,3 @@ {{- end -}} {{- end -}} -{{- define "operator.RoleBindings" -}} -{{- $dot := (index .a 0) -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} -{{- $values := $dot.Values.AsMap -}} -{{- if (not $values.rbac.create) -}} -{{- $_is_returning = true -}} -{{- (dict "r" (coalesce nil)) | toJson -}} -{{- break -}} -{{- end -}} -{{- $bindings := (coalesce nil) -}} -{{- range $_, $role := (get (fromJson (include "operator.Roles" (dict "a" (list $dot)))) "r") -}} -{{- $bindings = (concat (default (list) $bindings) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "roleRef" (dict "apiGroup" "" "kind" "" "name" "")) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $role.metadata.name "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "") (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" $role.metadata.name)) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "") (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace))))))) -}} -{{- end -}} -{{- if $_is_returning -}} -{{- break -}} -{{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $bindings) | toJson -}} -{{- break -}} -{{- end -}} -{{- end -}} - diff --git a/operator/chart/templates/_service.go.tpl b/operator/chart/templates/_service.go.tpl index 3d555ae5d..7194f51ab 100644 --- a/operator/chart/templates/_service.go.tpl +++ b/operator/chart/templates/_service.go.tpl @@ -5,7 +5,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (not ((and $values.webhook.enabled (eq $values.scope "Cluster")))) -}} +{{- if (not $values.webhook.enabled) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} @@ -32,7 +32,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (or (not $values.webhook.enabled) (ne $values.scope "Cluster")) -}} +{{- if (not $values.webhook.enabled) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} @@ -48,7 +48,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- if (or (not $values.webhook.enabled) (ne $values.scope "Cluster")) -}} +{{- if (not $values.webhook.enabled) -}} {{- $_is_returning = true -}} {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} diff --git a/operator/chart/testdata/template-cases.golden.txtar b/operator/chart/testdata/template-cases.golden.txtar index f32b7e1cd..5ee8481be 100644 --- a/operator/chart/testdata/template-cases.golden.txtar +++ b/operator/chart/testdata/template-cases.golden.txtar @@ -56,7 +56,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -90,9 +90,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -102,42 +102,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -146,198 +120,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -431,6 +255,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -483,6 +351,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -496,9 +366,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -506,9 +376,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -542,6 +417,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -552,6 +455,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -566,10 +479,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -578,101 +493,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -680,12 +533,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -693,9 +545,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -703,12 +555,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -773,9 +624,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-base-image=my.repo.com/configurator - --configurator-tag=XYZ - --configurator-image-pull-policy=IfNotPresent @@ -919,7 +769,7 @@ metadata: app.kubernetes.io/name: aNfgS0 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: koBY-metrics-reader + name: koBY-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -953,9 +803,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -965,199 +815,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas + - controllerrevisions verbs: - get - list - watch - apiGroups: - - "" + - apps resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: koBY-default -subjects: -- kind: ServiceAccount - name: S - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: koBY-additional-controllers-default -subjects: -- kind: ServiceAccount - name: S - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -1167,16 +932,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -1185,26 +943,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -1214,13 +956,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -1230,25 +969,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -1258,37 +981,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -1346,6 +1064,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -1359,9 +1079,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -1369,9 +1089,14 @@ metadata: app.kubernetes.io/name: aNfgS0 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: koBY-additional-controllers - namespace: default + name: koBY-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -1405,6 +1130,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -1415,6 +1168,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -1429,10 +1192,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -1441,101 +1206,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: koBY-election-role -subjects: -- kind: ServiceAccount - name: S - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aNfgS0 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: koBY - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: koBY -subjects: -- kind: ServiceAccount - name: S - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -1543,12 +1246,11 @@ metadata: app.kubernetes.io/name: aNfgS0 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: koBY-additional-controllers - namespace: default + name: koBY-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: koBY-additional-controllers + kind: ClusterRole + name: koBY-default subjects: - kind: ServiceAccount name: S @@ -1556,9 +1258,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -1566,12 +1268,11 @@ metadata: app.kubernetes.io/name: aNfgS0 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: koBY-rpk-bundle - namespace: default + name: koBY-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: koBY-rpk-bundle + kind: ClusterRole + name: koBY-additional-controllers-default subjects: - kind: ServiceAccount name: S @@ -1640,9 +1341,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=a35 + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -1841,7 +1541,7 @@ metadata: app.kubernetes.io/name: EbX3hB7N app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-metrics-reader + name: WSGbu-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -1875,9 +1575,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -1887,42 +1587,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -1931,198 +1605,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: WSGbu-default -subjects: -- kind: ServiceAccount - name: WSGbu - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: WSGbu-additional-controllers-default -subjects: -- kind: ServiceAccount - name: WSGbu - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -2216,6 +1740,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -2268,6 +1836,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -2281,9 +1851,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -2291,9 +1861,14 @@ metadata: app.kubernetes.io/name: EbX3hB7N app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-additional-controllers - namespace: default + name: WSGbu-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -2327,6 +1902,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -2337,6 +1940,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -2351,10 +1964,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -2363,101 +1978,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: WSGbu-election-role -subjects: -- kind: ServiceAccount - name: WSGbu - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: EbX3hB7N - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: WSGbu -subjects: -- kind: ServiceAccount - name: WSGbu - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -2465,12 +2018,11 @@ metadata: app.kubernetes.io/name: EbX3hB7N app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-additional-controllers - namespace: default + name: WSGbu-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: WSGbu-additional-controllers + kind: ClusterRole + name: WSGbu-default subjects: - kind: ServiceAccount name: WSGbu @@ -2478,9 +2030,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -2488,12 +2040,11 @@ metadata: app.kubernetes.io/name: EbX3hB7N app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: WSGbu-rpk-bundle - namespace: default + name: WSGbu-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: WSGbu-rpk-bundle + kind: ClusterRole + name: WSGbu-additional-controllers-default subjects: - kind: ServiceAccount name: WSGbu @@ -2558,9 +2109,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=TNizkRf0 + - --webhook-enabled=false - --configurator-tag=H6X3S - --configurator-base-image=p9Di - 3AeeXxo @@ -2717,7 +2267,7 @@ metadata: app.kubernetes.io/name: HICN app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-metrics-reader + name: Dx441G-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -2754,9 +2304,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -2766,211 +2316,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas + - controllerrevisions verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Dx441G-default -subjects: -- kind: ServiceAccount - name: Dx441G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Dx441G-additional-controllers-default -subjects: -- kind: ServiceAccount - name: Dx441G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-election-role - namespace: default -rules: -- apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -2980,16 +2433,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -2998,29 +2444,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -3030,13 +2457,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -3046,25 +2470,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -3074,37 +2482,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -3162,6 +2565,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -3175,7 +2580,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: BYFlp: 1ue @@ -3188,9 +2593,14 @@ metadata: app.kubernetes.io/name: HICN app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-additional-controllers - namespace: default + name: Dx441G-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -3224,6 +2634,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -3234,6 +2672,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -3248,10 +2696,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -3260,108 +2710,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Dx441G-election-role -subjects: -- kind: ServiceAccount - name: Dx441G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - BYFlp: 1ue - PW45cS5PlOC: K5ky3WbW - Rb: A - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: HICN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Dx441G -subjects: -- kind: ServiceAccount - name: Dx441G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: BYFlp: 1ue @@ -3374,12 +2753,11 @@ metadata: app.kubernetes.io/name: HICN app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-additional-controllers - namespace: default + name: Dx441G-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Dx441G-additional-controllers + kind: ClusterRole + name: Dx441G-default subjects: - kind: ServiceAccount name: Dx441G @@ -3387,7 +2765,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: BYFlp: 1ue @@ -3400,12 +2778,11 @@ metadata: app.kubernetes.io/name: HICN app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Dx441G-rpk-bundle - namespace: default + name: Dx441G-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Dx441G-rpk-bundle + kind: ClusterRole + name: Dx441G-additional-controllers-default subjects: - kind: ServiceAccount name: Dx441G @@ -3482,9 +2859,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=Ae + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -3635,7 +3011,7 @@ metadata: app.kubernetes.io/name: kzHCtV app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rEba-metrics-reader + name: rEba-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -3669,9 +3045,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -3681,199 +3057,126 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas + - controllerrevisions verbs: - get - list - watch - apiGroups: - - "" + - apps resources: - - persistentvolumes + - deployments + - statefulsets verbs: + - create + - delete - get - list - patch + - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rEba-default -subjects: -- kind: ServiceAccount - name: rEba - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rEba-additional-controllers-default -subjects: -- kind: ServiceAccount - name: rEba - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba-election-role - namespace: default -rules: - apiGroups: - - "" + - autoscaling resources: - - configmaps + - horizontalpodautoscalers verbs: - create - delete @@ -3883,44 +3186,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - batch resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba - namespace: default -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases + - jobs verbs: - create - delete @@ -3930,13 +3198,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -3946,25 +3211,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -3974,37 +3223,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -4062,6 +3306,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -4075,9 +3321,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -4085,9 +3331,14 @@ metadata: app.kubernetes.io/name: kzHCtV app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rEba-additional-controllers - namespace: default + name: rEba-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -4121,6 +3372,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -4131,6 +3410,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -4145,10 +3434,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -4157,101 +3448,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: rEba-election-role -subjects: -- kind: ServiceAccount - name: rEba - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kzHCtV - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rEba - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: rEba -subjects: -- kind: ServiceAccount - name: rEba - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -4259,12 +3488,11 @@ metadata: app.kubernetes.io/name: kzHCtV app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rEba-additional-controllers - namespace: default + name: rEba-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: rEba-additional-controllers + kind: ClusterRole + name: rEba-default subjects: - kind: ServiceAccount name: rEba @@ -4272,9 +3500,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -4282,12 +3510,11 @@ metadata: app.kubernetes.io/name: kzHCtV app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rEba-rpk-bundle - namespace: default + name: rEba-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: rEba-rpk-bundle + kind: ClusterRole + name: rEba-additional-controllers-default subjects: - kind: ServiceAccount name: rEba @@ -4364,9 +3591,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=CcZY + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator - 4ApSMU1 @@ -4541,7 +3767,7 @@ metadata: app.kubernetes.io/name: BRlD app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-metrics-reader + name: kdh6Z-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -4576,9 +3802,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -4588,42 +3814,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -4632,203 +3832,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kdh6Z-default -subjects: -- kind: ServiceAccount - name: SpE0 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kdh6Z-additional-controllers-default -subjects: -- kind: ServiceAccount - name: SpE0 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -4922,6 +3967,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -4974,6 +4063,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -4987,9 +4078,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: F0wS: vBToTa @@ -4998,20 +4089,25 @@ metadata: app.kubernetes.io/name: BRlD app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-additional-controllers - namespace: default + name: kdh6Z-additional-controllers-default rules: - apiGroups: - "" resources: - - events + - persistentvolumes verbs: - - create - patch - apiGroups: - "" resources: - - persistentvolumeclaims + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get @@ -5034,6 +4130,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -5044,6 +4168,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -5058,10 +4192,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -5070,104 +4206,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kdh6Z-election-role -subjects: -- kind: ServiceAccount - name: SpE0 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - F0wS: vBToTa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: BRlD - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kdh6Z -subjects: -- kind: ServiceAccount - name: SpE0 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: F0wS: vBToTa @@ -5176,12 +4247,11 @@ metadata: app.kubernetes.io/name: BRlD app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-additional-controllers - namespace: default + name: kdh6Z-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: kdh6Z-additional-controllers + kind: ClusterRole + name: kdh6Z-default subjects: - kind: ServiceAccount name: SpE0 @@ -5189,9 +4259,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: F0wS: vBToTa @@ -5200,12 +4270,11 @@ metadata: app.kubernetes.io/name: BRlD app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: kdh6Z-rpk-bundle - namespace: default + name: kdh6Z-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: kdh6Z-rpk-bundle + kind: ClusterRole + name: kdh6Z-additional-controllers-default subjects: - kind: ServiceAccount name: SpE0 @@ -5276,9 +4345,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=a4SuUdq + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -5441,7 +4509,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wU3MsxN: 4Bn0vQj - name: WM7nRI7B-metrics-reader + name: WM7nRI7B-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -5478,9 +4546,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -5490,42 +4558,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -5534,213 +4576,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: WM7nRI7B-default -subjects: -- kind: ServiceAccount - name: WM7nRI7B - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: WM7nRI7B-additional-controllers-default -subjects: -- kind: ServiceAccount - name: WM7nRI7B - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -5834,6 +4711,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -5886,6 +4807,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -5899,9 +4822,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "1": Waszk6s @@ -5912,9 +4835,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wU3MsxN: 4Bn0vQj - name: WM7nRI7B-additional-controllers - namespace: default + name: WM7nRI7B-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -5948,6 +4876,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -5958,6 +4914,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -5972,10 +4938,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -5984,6 +4952,23 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -5997,9 +4982,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "1": Waszk6s @@ -6010,110 +4995,21 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wU3MsxN: 4Bn0vQj - name: WM7nRI7B-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM7nRI7B-election-role -subjects: -- kind: ServiceAccount - name: WM7nRI7B + name: WM7nRI7B-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: WM7nRI7B-default +subjects: +- kind: ServiceAccount + name: WM7nRI7B namespace: default --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM7nRI7B -subjects: -- kind: ServiceAccount - name: WM7nRI7B - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - "1": Waszk6s - AhQJg: sYlEc - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zejbO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wU3MsxN: 4Bn0vQj - name: WM7nRI7B-additional-controllers - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM7nRI7B-additional-controllers -subjects: -- kind: ServiceAccount - name: WM7nRI7B - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "1": Waszk6s @@ -6124,12 +5020,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wU3MsxN: 4Bn0vQj - name: WM7nRI7B-rpk-bundle - namespace: default + name: WM7nRI7B-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM7nRI7B-rpk-bundle + kind: ClusterRole + name: WM7nRI7B-additional-controllers-default subjects: - kind: ServiceAccount name: WM7nRI7B @@ -6204,9 +5099,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=eM + - --webhook-enabled=false - --configurator-tag=IyW - --configurator-base-image=Rr9cCH8 - sAQJC @@ -6380,7 +5274,7 @@ metadata: app.kubernetes.io/name: di app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Em-metrics-reader + name: Em-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -6415,9 +5309,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -6427,42 +5321,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -6471,203 +5339,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Em-default -subjects: -- kind: ServiceAccount - name: Em - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Em-additional-controllers-default -subjects: -- kind: ServiceAccount - name: Em - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -6761,6 +5474,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -6813,6 +5570,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -6826,9 +5585,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: CQkNCSKpK8nmJ: B @@ -6837,9 +5596,14 @@ metadata: app.kubernetes.io/name: di app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Em-additional-controllers - namespace: default + name: Em-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -6873,6 +5637,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -6883,6 +5675,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -6897,10 +5699,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -6909,104 +5713,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Em-election-role -subjects: -- kind: ServiceAccount - name: Em - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - CQkNCSKpK8nmJ: B - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: di - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Em - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Em -subjects: -- kind: ServiceAccount - name: Em - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: CQkNCSKpK8nmJ: B @@ -7015,12 +5754,11 @@ metadata: app.kubernetes.io/name: di app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Em-additional-controllers - namespace: default + name: Em-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Em-additional-controllers + kind: ClusterRole + name: Em-default subjects: - kind: ServiceAccount name: Em @@ -7028,9 +5766,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: CQkNCSKpK8nmJ: B @@ -7039,12 +5777,11 @@ metadata: app.kubernetes.io/name: di app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Em-rpk-bundle - namespace: default + name: Em-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Em-rpk-bundle + kind: ClusterRole + name: Em-additional-controllers-default subjects: - kind: ServiceAccount name: Em @@ -7113,9 +5850,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=OdrK + - --webhook-enabled=false - --configurator-tag=9JWhXp - --configurator-base-image=eZ6Hz command: @@ -7359,9 +6095,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=Y + - --webhook-enabled=false - --configurator-tag=E5edBYpa - --configurator-base-image=ISoDbxsE command: @@ -7520,7 +6255,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 u: yT9Aqc - name: DBMkVbLNvvZn-metrics-reader + name: DBMkVbLNvvZn-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -7558,9 +6293,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -7570,42 +6305,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -7614,218 +6323,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn-additional-controllers-default -rules: - apiGroups: - "" resources: - persistentvolumes verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: DBMkVbLNvvZn-default -subjects: -- kind: ServiceAccount - name: q5hs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: DBMkVbLNvvZn-additional-controllers-default -subjects: -- kind: ServiceAccount - name: q5hs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -7919,6 +6458,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -7971,6 +6554,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -7984,7 +6569,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: 5mUYOp: Eqc @@ -7998,9 +6583,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 u: yT9Aqc - name: DBMkVbLNvvZn-additional-controllers - namespace: default + name: DBMkVbLNvvZn-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -8034,6 +6624,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -8044,6 +6662,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -8058,10 +6686,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -8070,111 +6700,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: DBMkVbLNvvZn-election-role -subjects: -- kind: ServiceAccount - name: q5hs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 5mUYOp: Eqc - AsH: OAiucz - eEDhSFGX: WSL6MXpbA - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: GNbmN - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - u: yT9Aqc - name: DBMkVbLNvvZn - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: DBMkVbLNvvZn -subjects: -- kind: ServiceAccount - name: q5hs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 5mUYOp: Eqc @@ -8188,12 +6744,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 u: yT9Aqc - name: DBMkVbLNvvZn-additional-controllers - namespace: default + name: DBMkVbLNvvZn-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: DBMkVbLNvvZn-additional-controllers + kind: ClusterRole + name: DBMkVbLNvvZn-default subjects: - kind: ServiceAccount name: q5hs @@ -8201,7 +6756,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 5mUYOp: Eqc @@ -8215,12 +6770,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 u: yT9Aqc - name: DBMkVbLNvvZn-rpk-bundle - namespace: default + name: DBMkVbLNvvZn-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: DBMkVbLNvvZn-rpk-bundle + kind: ClusterRole + name: DBMkVbLNvvZn-additional-controllers-default subjects: - kind: ServiceAccount name: q5hs @@ -8311,9 +6865,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=gT + - --webhook-enabled=false - --configurator-tag=6LBRlD - --configurator-base-image=kw6W command: @@ -8470,7 +7023,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gLlqKr: m helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-metrics-reader + name: kBI8lEs-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -8506,9 +7059,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -8518,42 +7071,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -8562,208 +7089,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kBI8lEs-default -subjects: -- kind: ServiceAccount - name: kBI8lEs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kBI8lEs-additional-controllers-default -subjects: -- kind: ServiceAccount - name: kBI8lEs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -8857,6 +7224,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -8909,6 +7320,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -8922,9 +7335,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "": Wyz @@ -8934,9 +7347,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gLlqKr: m helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-additional-controllers - namespace: default + name: kBI8lEs-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -8970,6 +7388,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -8980,6 +7426,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -8994,10 +7450,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -9006,107 +7464,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kBI8lEs-election-role -subjects: -- kind: ServiceAccount - name: kBI8lEs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - "": Wyz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6n9214EY - app.kubernetes.io/version: v25.1.1-beta3 - gLlqKr: m - helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kBI8lEs -subjects: -- kind: ServiceAccount - name: kBI8lEs - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "": Wyz @@ -9116,12 +7506,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gLlqKr: m helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-additional-controllers - namespace: default + name: kBI8lEs-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: kBI8lEs-additional-controllers + kind: ClusterRole + name: kBI8lEs-default subjects: - kind: ServiceAccount name: kBI8lEs @@ -9129,9 +7518,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "": Wyz @@ -9141,12 +7530,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gLlqKr: m helm.sh/chart: operator-25.1.1-beta3 - name: kBI8lEs-rpk-bundle - namespace: default + name: kBI8lEs-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: kBI8lEs-rpk-bundle + kind: ClusterRole + name: kBI8lEs-additional-controllers-default subjects: - kind: ServiceAccount name: kBI8lEs @@ -9215,9 +7603,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=Qgv + - --webhook-enabled=false - --configurator-tag=Fc9SuJ - --configurator-base-image=nkEl command: @@ -9380,7 +7767,7 @@ metadata: app.kubernetes.io/name: Ubj app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rcE-metrics-reader + name: rcE-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -9416,9 +7803,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -9428,207 +7815,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - events verbs: - - get - - list - - watch + - create + - patch - apiGroups: - - "" + - apps resources: - - persistentvolumes + - controllerrevisions verbs: - get - list - - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rcE-default -subjects: -- kind: ServiceAccount - name: rcE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rcE-additional-controllers-default -subjects: -- kind: ServiceAccount - name: rcE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE-election-role - namespace: default -rules: - apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -9638,16 +7932,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -9656,28 +7943,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -9687,13 +7956,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -9703,25 +7969,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -9731,37 +7981,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -9819,6 +8064,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -9832,7 +8079,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: 7Kz: 6vhFA @@ -9844,9 +8091,14 @@ metadata: app.kubernetes.io/name: Ubj app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rcE-additional-controllers - namespace: default + name: rcE-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -9880,6 +8132,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -9890,6 +8170,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -9904,10 +8194,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -9916,105 +8208,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: rcE-election-role -subjects: -- kind: ServiceAccount - name: rcE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 7Kz: 6vhFA - hw87: p7dM7cs - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Ubj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: rcE - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: rcE -subjects: -- kind: ServiceAccount - name: rcE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 7Kz: 6vhFA @@ -10026,12 +8250,11 @@ metadata: app.kubernetes.io/name: Ubj app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rcE-additional-controllers - namespace: default + name: rcE-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: rcE-additional-controllers + kind: ClusterRole + name: rcE-default subjects: - kind: ServiceAccount name: rcE @@ -10039,7 +8262,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 7Kz: 6vhFA @@ -10051,12 +8274,11 @@ metadata: app.kubernetes.io/name: Ubj app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: rcE-rpk-bundle - namespace: default + name: rcE-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: rcE-rpk-bundle + kind: ClusterRole + name: rcE-additional-controllers-default subjects: - kind: ServiceAccount name: rcE @@ -10151,9 +8373,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=dqEg + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator - "" @@ -10336,7 +8557,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 mOxaE: dEuL w49JChsEQqA0: "3" - name: 7guti07-metrics-reader + name: 7guti07-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -10373,9 +8594,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -10385,42 +8606,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -10429,213 +8624,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 7guti07-default -subjects: -- kind: ServiceAccount - name: 7guti07 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 7guti07-additional-controllers-default -subjects: -- kind: ServiceAccount - name: 7guti07 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07 - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -10729,6 +8759,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -10781,6 +8855,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -10794,9 +8870,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: VTHH: SaDKhXP @@ -10807,9 +8883,14 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 mOxaE: dEuL w49JChsEQqA0: "3" - name: 7guti07-additional-controllers - namespace: default + name: 7guti07-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -10843,6 +8924,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -10853,6 +8962,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -10867,10 +8986,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -10879,110 +9000,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 7guti07-election-role -subjects: -- kind: ServiceAccount - name: 7guti07 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - VTHH: SaDKhXP - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pP - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mOxaE: dEuL - w49JChsEQqA0: "3" - name: 7guti07 - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 7guti07 -subjects: -- kind: ServiceAccount - name: 7guti07 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: VTHH: SaDKhXP @@ -10993,12 +9043,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 mOxaE: dEuL w49JChsEQqA0: "3" - name: 7guti07-additional-controllers - namespace: default + name: 7guti07-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 7guti07-additional-controllers + kind: ClusterRole + name: 7guti07-default subjects: - kind: ServiceAccount name: 7guti07 @@ -11006,9 +9055,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: VTHH: SaDKhXP @@ -11019,12 +9068,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 mOxaE: dEuL w49JChsEQqA0: "3" - name: 7guti07-rpk-bundle - namespace: default + name: 7guti07-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 7guti07-rpk-bundle + kind: ClusterRole + name: 7guti07-additional-controllers-default subjects: - kind: ServiceAccount name: 7guti07 @@ -11095,9 +9143,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=aWy1AZjYl + - --webhook-enabled=false - --configurator-tag=W0p45uvP8 - --configurator-base-image=5grR1QB - 6SD9JDbQ7Q @@ -11250,7 +9297,7 @@ metadata: app.kubernetes.io/name: E4UR app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-metrics-reader + name: J5MiI-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -11284,9 +9331,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -11296,199 +9343,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" + - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas + - controllerrevisions verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: J5MiI-default -subjects: -- kind: ServiceAccount - name: J5MiI - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: J5MiI-additional-controllers-default -subjects: -- kind: ServiceAccount - name: J5MiI - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-election-role - namespace: default -rules: -- apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -11498,16 +9460,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -11516,26 +9471,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -11545,13 +9484,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -11561,25 +9497,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -11589,37 +9509,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -11677,6 +9592,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -11690,9 +9607,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -11700,9 +9617,14 @@ metadata: app.kubernetes.io/name: E4UR app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-additional-controllers - namespace: default + name: J5MiI-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -11736,6 +9658,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -11746,6 +9696,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -11760,10 +9720,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -11772,101 +9734,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: J5MiI-election-role -subjects: -- kind: ServiceAccount - name: J5MiI - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: E4UR - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: J5MiI -subjects: -- kind: ServiceAccount - name: J5MiI - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -11874,12 +9774,11 @@ metadata: app.kubernetes.io/name: E4UR app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-additional-controllers - namespace: default + name: J5MiI-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: J5MiI-additional-controllers + kind: ClusterRole + name: J5MiI-default subjects: - kind: ServiceAccount name: J5MiI @@ -11887,9 +9786,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -11897,12 +9796,11 @@ metadata: app.kubernetes.io/name: E4UR app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: J5MiI-rpk-bundle - namespace: default + name: J5MiI-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: J5MiI-rpk-bundle + kind: ClusterRole + name: J5MiI-additional-controllers-default subjects: - kind: ServiceAccount name: J5MiI @@ -11968,9 +9866,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=HhY5pV + - --webhook-enabled=false - --configurator-tag=iRz - --configurator-base-image=DpT1qi9X command: @@ -12172,7 +10069,7 @@ metadata: app.kubernetes.io/name: xALbe0A app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-metrics-reader + name: NofaS-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -12208,9 +10105,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -12220,42 +10117,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -12264,208 +10135,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: NofaS-default -subjects: -- kind: ServiceAccount - name: NofaS - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: NofaS-additional-controllers-default -subjects: -- kind: ServiceAccount - name: NofaS - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -12559,6 +10270,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -12611,6 +10366,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -12624,9 +10381,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: 71sOOTU: en8OPZRyg7 @@ -12636,9 +10393,14 @@ metadata: app.kubernetes.io/name: xALbe0A app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-additional-controllers - namespace: default + name: NofaS-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -12672,6 +10434,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -12682,6 +10472,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -12696,10 +10496,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -12708,107 +10510,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: NofaS-election-role -subjects: -- kind: ServiceAccount - name: NofaS - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - 71sOOTU: en8OPZRyg7 - L2FlwR: TODz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: xALbe0A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: NofaS - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: NofaS -subjects: -- kind: ServiceAccount - name: NofaS - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: 71sOOTU: en8OPZRyg7 @@ -12818,12 +10552,11 @@ metadata: app.kubernetes.io/name: xALbe0A app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-additional-controllers - namespace: default + name: NofaS-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: NofaS-additional-controllers + kind: ClusterRole + name: NofaS-default subjects: - kind: ServiceAccount name: NofaS @@ -12831,9 +10564,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: 71sOOTU: en8OPZRyg7 @@ -12843,12 +10576,11 @@ metadata: app.kubernetes.io/name: xALbe0A app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: NofaS-rpk-bundle - namespace: default + name: NofaS-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: NofaS-rpk-bundle + kind: ClusterRole + name: NofaS-additional-controllers-default subjects: - kind: ServiceAccount name: NofaS @@ -12922,9 +10654,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=DCM8 + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -13168,9 +10899,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=6TGvv + - --webhook-enabled=false - --configurator-tag=J18tP9n - --configurator-base-image=AhZ - x7K3o @@ -13345,7 +11075,7 @@ metadata: app.kubernetes.io/name: TCq app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: K9R-metrics-reader + name: K9R-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -13380,9 +11110,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -13392,138 +11122,66 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - events verbs: - - get + - create - patch - - update - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - schemas - - topics - - users + - leases verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumes verbs: - - create - - delete - get - list - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - "": h5TCA9NX - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: TCq - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: K9R-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: K9R-default -subjects: -- kind: ServiceAccount - name: Y7Y8 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": h5TCA9NX - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: TCq - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: K9R-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - nodes verbs: - - create - - patch + - get - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": h5TCA9NX - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: TCq - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: K9R - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -13617,6 +11275,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -13669,6 +11371,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -13682,31 +11386,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - "": h5TCA9NX - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: TCq - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: K9R-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: K9R-election-role -subjects: -- kind: ServiceAccount - name: Y7Y8 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: "": h5TCA9NX @@ -13717,12 +11397,11 @@ metadata: app.kubernetes.io/name: TCq app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: K9R - namespace: default + name: K9R-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: K9R + kind: ClusterRole + name: K9R-default subjects: - kind: ServiceAccount name: Y7Y8 @@ -13803,9 +11482,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=vOvAQKBh + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -14130,9 +11808,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=mU + - --webhook-enabled=false - --configurator-tag=PGITfvk - --configurator-base-image=4kWMzql - YXvYnHoraN @@ -14329,7 +12006,7 @@ metadata: bKX: d helm.sh/chart: operator-25.1.1-beta3 m2Z8Z: wRw - name: DX7O-metrics-reader + name: DX7O-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -14364,6 +12041,172 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cluster.redpanda.com resources: @@ -14409,10 +12252,9 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -14421,121 +12263,62 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - - "" + - monitoring.coreos.com resources: - - persistentvolumes + - podmonitors + - servicemonitors verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - - "" + - networking.k8s.io resources: - - persistentvolumes + - ingresses verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - policy resources: - - redpandas + - poddisruptionbudgets verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - - "" + - rbac.authorization.k8s.io resources: - - persistentvolumes + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: DX7O-default -subjects: -- kind: ServiceAccount - name: pHzNPjb - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -14548,44 +12331,13 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 m2Z8Z: wRw name: DX7O-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: DX7O-additional-controllers-default -subjects: -- kind: ServiceAccount - name: pHzNPjb - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O-election-role - namespace: default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes verbs: - - create - - delete - - get - - list - patch - - update - - watch - apiGroups: - "" resources: @@ -14594,74 +12346,19 @@ rules: - create - patch - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O - namespace: default -rules: -- apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumeclaims verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - configmaps - pods - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions verbs: - get - list @@ -14669,96 +12366,64 @@ rules: - apiGroups: - apps resources: - - deployments - statefulsets verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - batch + - "" resources: - - jobs + - configmaps + - nodes + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - "" resources: - - certificates - - issuers + - persistentvolumes verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - coordination.k8s.io + - cluster.redpanda.com resources: - - leases + - redpandas verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - monitoring.coreos.com + - "" resources: - - podmonitors - - servicemonitors + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - networking.k8s.io + - "" resources: - - ingresses + - configmaps + - pods + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - policy + - "" resources: - - poddisruptionbudgets + - persistentvolumeclaims verbs: - - create - delete - get - list @@ -14766,105 +12431,39 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - rolebindings - - roles + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O-additional-controllers - namespace: default -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - secrets - verbs: - - get - - list - - watch - apiGroups: - apps resources: - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims + - statefulsets/status verbs: - - delete - - get - - list - patch - update - apiGroups: - - "" + - cluster.redpanda.com resources: - - persistentvolumeclaims + - redpandas verbs: - - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list - - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - patch - - update + - watch - apiGroups: - "" resources: @@ -14878,94 +12477,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: DX7O-election-role -subjects: -- kind: ServiceAccount - name: pHzNPjb - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NlE3orKsq9 - app.kubernetes.io/version: v25.1.1-beta3 - bKX: d - helm.sh/chart: operator-25.1.1-beta3 - m2Z8Z: wRw - name: DX7O - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: DX7O -subjects: -- kind: ServiceAccount - name: pHzNPjb - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -14975,12 +12489,11 @@ metadata: bKX: d helm.sh/chart: operator-25.1.1-beta3 m2Z8Z: wRw - name: DX7O-additional-controllers - namespace: default + name: DX7O-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: DX7O-additional-controllers + kind: ClusterRole + name: DX7O-default subjects: - kind: ServiceAccount name: pHzNPjb @@ -14988,9 +12501,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -15000,12 +12513,11 @@ metadata: bKX: d helm.sh/chart: operator-25.1.1-beta3 m2Z8Z: wRw - name: DX7O-rpk-bundle - namespace: default + name: DX7O-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: DX7O-rpk-bundle + kind: ClusterRole + name: DX7O-additional-controllers-default subjects: - kind: ServiceAccount name: pHzNPjb @@ -15079,9 +12591,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=BpnfO + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -15372,7 +12883,7 @@ metadata: app.kubernetes.io/name: "5" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-metrics-reader + name: x8K24mCZYsnh-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -15409,9 +12920,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -15421,211 +12932,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - events verbs: - - get - - list - - watch + - create + - patch - apiGroups: - - "" + - apps resources: - - persistentvolumes + - controllerrevisions verbs: - get - list - - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: x8K24mCZYsnh-default -subjects: -- kind: ServiceAccount - name: x8K24mCZYsnh - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: x8K24mCZYsnh-additional-controllers-default -subjects: -- kind: ServiceAccount - name: x8K24mCZYsnh - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-election-role - namespace: default -rules: - apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -15635,16 +13049,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -15653,29 +13060,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -15685,13 +13073,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -15701,25 +13086,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -15729,37 +13098,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -15817,6 +13181,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -15830,7 +13196,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: bhU: AcTdNUdgDaT @@ -15843,9 +13209,14 @@ metadata: app.kubernetes.io/name: "5" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-additional-controllers - namespace: default + name: x8K24mCZYsnh-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -15879,6 +13250,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -15889,6 +13288,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -15903,10 +13312,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -15915,108 +13326,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: x8K24mCZYsnh-election-role -subjects: -- kind: ServiceAccount - name: x8K24mCZYsnh - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - bhU: AcTdNUdgDaT - iH: X4s - ieFAk: TxA0xeci - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "5" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: x8K24mCZYsnh -subjects: -- kind: ServiceAccount - name: x8K24mCZYsnh - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: bhU: AcTdNUdgDaT @@ -16029,12 +13369,11 @@ metadata: app.kubernetes.io/name: "5" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-additional-controllers - namespace: default + name: x8K24mCZYsnh-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: x8K24mCZYsnh-additional-controllers + kind: ClusterRole + name: x8K24mCZYsnh-default subjects: - kind: ServiceAccount name: x8K24mCZYsnh @@ -16042,7 +13381,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: bhU: AcTdNUdgDaT @@ -16055,12 +13394,11 @@ metadata: app.kubernetes.io/name: "5" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: x8K24mCZYsnh-rpk-bundle - namespace: default + name: x8K24mCZYsnh-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: x8K24mCZYsnh-rpk-bundle + kind: ClusterRole + name: x8K24mCZYsnh-additional-controllers-default subjects: - kind: ServiceAccount name: x8K24mCZYsnh @@ -16135,9 +13473,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=pMbmKX + - --webhook-enabled=false - --configurator-tag=UVj2te38 - --configurator-base-image=gSveMOQ8Iaw - 6gNh @@ -16346,7 +13683,7 @@ metadata: app.kubernetes.io/name: Fk app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-metrics-reader + name: UHlKDi-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -16383,9 +13720,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -16395,42 +13732,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -16439,213 +13750,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: UHlKDi-default -subjects: -- kind: ServiceAccount - name: UHlKDi - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: UHlKDi-additional-controllers-default -subjects: -- kind: ServiceAccount - name: UHlKDi - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -16739,6 +13885,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -16791,6 +13981,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -16804,7 +13996,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: 8dRB: 5cv @@ -16817,9 +14009,14 @@ metadata: app.kubernetes.io/name: Fk app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-additional-controllers - namespace: default + name: UHlKDi-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -16853,6 +14050,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -16863,6 +14088,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -16877,10 +14112,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -16889,108 +14126,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: UHlKDi-election-role -subjects: -- kind: ServiceAccount - name: UHlKDi - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 8dRB: 5cv - EfHk: fBL - Nm4maThP4X: v - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Fk - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: UHlKDi -subjects: -- kind: ServiceAccount - name: UHlKDi - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 8dRB: 5cv @@ -17003,12 +14169,11 @@ metadata: app.kubernetes.io/name: Fk app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-additional-controllers - namespace: default + name: UHlKDi-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: UHlKDi-additional-controllers + kind: ClusterRole + name: UHlKDi-default subjects: - kind: ServiceAccount name: UHlKDi @@ -17016,7 +14181,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 8dRB: 5cv @@ -17029,12 +14194,11 @@ metadata: app.kubernetes.io/name: Fk app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: UHlKDi-rpk-bundle - namespace: default + name: UHlKDi-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: UHlKDi-rpk-bundle + kind: ClusterRole + name: UHlKDi-additional-controllers-default subjects: - kind: ServiceAccount name: UHlKDi @@ -17112,9 +14276,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=5ruW + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -17296,7 +14459,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-metrics-reader + name: wINY4HR-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -17332,9 +14495,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -17344,207 +14507,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - events verbs: - - get - - list - - watch + - create + - patch - apiGroups: - - "" + - apps resources: - - persistentvolumes + - controllerrevisions verbs: - get - list - - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: wINY4HR-default -subjects: -- kind: ServiceAccount - name: ft - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: wINY4HR-additional-controllers-default -subjects: -- kind: ServiceAccount - name: ft - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-election-role - namespace: default -rules: - apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -17554,16 +14624,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -17572,28 +14635,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -17603,13 +14648,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -17619,25 +14661,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -17647,37 +14673,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -17735,6 +14756,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -17748,9 +14771,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: NoeniB5: Fc1 @@ -17760,9 +14783,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-additional-controllers - namespace: default + name: wINY4HR-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -17796,6 +14824,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -17806,6 +14862,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -17820,10 +14886,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -17832,107 +14900,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: wINY4HR-election-role -subjects: -- kind: ServiceAccount - name: ft - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - NoeniB5: Fc1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: IC6CHScZj - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: wINY4HR -subjects: -- kind: ServiceAccount - name: ft - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: NoeniB5: Fc1 @@ -17942,12 +14942,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-additional-controllers - namespace: default + name: wINY4HR-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: wINY4HR-additional-controllers + kind: ClusterRole + name: wINY4HR-default subjects: - kind: ServiceAccount name: ft @@ -17955,9 +14954,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: NoeniB5: Fc1 @@ -17967,12 +14966,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 ruSHmUUvOj1: h3BuiPAHIC - name: wINY4HR-rpk-bundle - namespace: default + name: wINY4HR-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: wINY4HR-rpk-bundle + kind: ClusterRole + name: wINY4HR-additional-controllers-default subjects: - kind: ServiceAccount name: ft @@ -18118,9 +15116,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=wt4uT + - --webhook-enabled=false - --configurator-tag=MJp - --configurator-base-image=6ERMjI8 - vp9WG @@ -18379,7 +15376,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kxvj1aV: un4v2 - name: 5-metrics-reader + name: 5-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -18414,9 +15411,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -18426,42 +15423,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -18470,203 +15441,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: 5-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: 5-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 5-default -subjects: -- kind: ServiceAccount - name: 12bwUKO - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: 5-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 5-additional-controllers-default -subjects: -- kind: ServiceAccount - name: 12bwUKO - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: 5-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: "5" - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -18760,6 +15576,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -18812,6 +15672,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -18825,9 +15687,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -18836,9 +15698,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kxvj1aV: un4v2 - name: 5-additional-controllers - namespace: default + name: 5-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -18872,6 +15739,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -18882,6 +15777,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -18896,10 +15801,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -18908,104 +15815,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: 5-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: 5-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 5-election-role -subjects: -- kind: ServiceAccount - name: 12bwUKO - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZtDuI - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kxvj1aV: un4v2 - name: "5" - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "5" -subjects: -- kind: ServiceAccount - name: 12bwUKO - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -19014,12 +15856,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kxvj1aV: un4v2 - name: 5-additional-controllers - namespace: default + name: 5-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 5-additional-controllers + kind: ClusterRole + name: 5-default subjects: - kind: ServiceAccount name: 12bwUKO @@ -19027,9 +15868,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -19038,12 +15879,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kxvj1aV: un4v2 - name: 5-rpk-bundle - namespace: default + name: 5-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 5-rpk-bundle + kind: ClusterRole + name: 5-additional-controllers-default subjects: - kind: ServiceAccount name: 12bwUKO @@ -19113,9 +15953,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=PgU9SwD + - --webhook-enabled=false - --configurator-tag=fK - --configurator-base-image=5T8t - aQJ @@ -19299,7 +16138,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gWL: pM helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-metrics-reader + name: sFwgtf-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -19338,9 +16177,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -19350,219 +16189,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - - list + - create - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch - apiGroups: - - "" + - apps resources: - - persistentvolumes + - controllerrevisions verbs: - get - list - - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: sFwgtf-default -subjects: -- kind: ServiceAccount - name: sFwgtf - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: sFwgtf-additional-controllers-default -subjects: -- kind: ServiceAccount - name: sFwgtf - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-election-role - namespace: default -rules: - apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -19572,16 +16306,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -19590,31 +16317,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -19624,13 +16330,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -19640,25 +16343,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -19668,37 +16355,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -19756,6 +16438,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -19769,7 +16453,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: 1DvJW: rHStv2tPg @@ -19784,9 +16468,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gWL: pM helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-additional-controllers - namespace: default + name: sFwgtf-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -19820,6 +16509,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -19830,6 +16547,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -19844,10 +16571,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -19856,114 +16585,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: sFwgtf-election-role -subjects: -- kind: ServiceAccount - name: sFwgtf - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 1DvJW: rHStv2tPg - nol: gP - creationTimestamp: null - labels: - 8BO5: Bd5OIo - JnjTVDz: 5xDh - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: NY - app.kubernetes.io/version: v25.1.1-beta3 - gWL: pM - helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: sFwgtf -subjects: -- kind: ServiceAccount - name: sFwgtf - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 1DvJW: rHStv2tPg @@ -19978,12 +16630,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gWL: pM helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-additional-controllers - namespace: default + name: sFwgtf-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: sFwgtf-additional-controllers + kind: ClusterRole + name: sFwgtf-default subjects: - kind: ServiceAccount name: sFwgtf @@ -19991,7 +16642,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 1DvJW: rHStv2tPg @@ -20006,12 +16657,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 gWL: pM helm.sh/chart: operator-25.1.1-beta3 - name: sFwgtf-rpk-bundle - namespace: default + name: sFwgtf-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: sFwgtf-rpk-bundle + kind: ClusterRole + name: sFwgtf-additional-controllers-default subjects: - kind: ServiceAccount name: sFwgtf @@ -20197,9 +16847,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=zoF + - --webhook-enabled=false - --configurator-tag=GXw - --configurator-base-image=Jlzs9s command: @@ -20427,7 +17076,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 iW8sRg: to - name: bi-metrics-reader + name: bi-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -20462,9 +17111,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -20474,42 +17123,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -20518,203 +17141,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: bi-default -subjects: -- kind: ServiceAccount - name: TWwJQX - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: bi-additional-controllers-default -subjects: -- kind: ServiceAccount - name: TWwJQX - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -20808,6 +17276,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -20860,6 +17372,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -20873,9 +17387,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -20884,9 +17398,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 iW8sRg: to - name: bi-additional-controllers - namespace: default + name: bi-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -20920,6 +17439,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -20930,6 +17477,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -20944,10 +17501,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -20956,104 +17515,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: bi-election-role -subjects: -- kind: ServiceAccount - name: TWwJQX - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 4waX - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - iW8sRg: to - name: bi - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: bi -subjects: -- kind: ServiceAccount - name: TWwJQX - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -21062,12 +17556,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 iW8sRg: to - name: bi-additional-controllers - namespace: default + name: bi-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: bi-additional-controllers + kind: ClusterRole + name: bi-default subjects: - kind: ServiceAccount name: TWwJQX @@ -21075,9 +17568,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -21086,12 +17579,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 iW8sRg: to - name: bi-rpk-bundle - namespace: default + name: bi-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: bi-rpk-bundle + kind: ClusterRole + name: bi-additional-controllers-default subjects: - kind: ServiceAccount name: TWwJQX @@ -21380,9 +17872,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=S3 + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -21585,7 +18076,7 @@ metadata: app.kubernetes.io/name: YCs app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-metrics-reader + name: operator-YCs-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -21622,9 +18113,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -21634,42 +18125,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -21678,213 +18143,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-YCs-default -subjects: -- kind: ServiceAccount - name: a - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-YCs-additional-controllers-default -subjects: -- kind: ServiceAccount - name: a - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -21978,6 +18278,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -22030,6 +18374,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -22043,7 +18389,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: "": d0zsybqG @@ -22056,9 +18402,14 @@ metadata: app.kubernetes.io/name: YCs app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-additional-controllers - namespace: default + name: operator-YCs-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -22092,6 +18443,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -22102,6 +18481,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -22116,10 +18505,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -22128,108 +18519,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-YCs-election-role -subjects: -- kind: ServiceAccount - name: a - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - "": d0zsybqG - JuYYWSQr: R3Yk7 - TtPk6C: ivO8 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: YCs - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-YCs -subjects: -- kind: ServiceAccount - name: a - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: "": d0zsybqG @@ -22242,12 +18562,11 @@ metadata: app.kubernetes.io/name: YCs app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-additional-controllers - namespace: default + name: operator-YCs-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-YCs-additional-controllers + kind: ClusterRole + name: operator-YCs-default subjects: - kind: ServiceAccount name: a @@ -22255,7 +18574,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: "": d0zsybqG @@ -22268,12 +18587,11 @@ metadata: app.kubernetes.io/name: YCs app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-YCs-rpk-bundle - namespace: default + name: operator-YCs-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-YCs-rpk-bundle + kind: ClusterRole + name: operator-YCs-additional-controllers-default subjects: - kind: ServiceAccount name: a @@ -22484,9 +18802,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=mcE2xz8 + - --webhook-enabled=false - --configurator-tag=z7F5fT - --configurator-base-image=4s6FZUA - 2MguVfZ @@ -22959,9 +19276,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=NaLO9z + - --webhook-enabled=false - --configurator-tag=Lotm9epAH - --configurator-base-image=g96 command: @@ -23180,7 +19496,7 @@ metadata: app.kubernetes.io/name: VhCMS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2-metrics-reader + name: 2-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -23218,9 +19534,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -23230,42 +19546,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -23274,218 +19564,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2-additional-controllers-default -rules: - apiGroups: - "" resources: - persistentvolumes verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 2-default -subjects: -- kind: ServiceAccount - name: blB - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 2-additional-controllers-default -subjects: -- kind: ServiceAccount - name: blB - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: "2" - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -23579,6 +19699,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -23631,6 +19795,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -23644,7 +19810,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: Xpmsmk: xwQ7HYnx @@ -23658,9 +19824,14 @@ metadata: app.kubernetes.io/name: VhCMS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2-additional-controllers - namespace: default + name: 2-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -23694,6 +19865,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -23704,6 +19903,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -23718,10 +19927,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -23730,111 +19941,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2-election-role -subjects: -- kind: ServiceAccount - name: blB - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Xpmsmk: xwQ7HYnx - nht: xpYQ9rPl - creationTimestamp: null - labels: - 9Yl4uYdhi: AwRf - SX: I - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: VhCMS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: "2" - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "2" -subjects: -- kind: ServiceAccount - name: blB - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Xpmsmk: xwQ7HYnx @@ -23848,12 +19985,11 @@ metadata: app.kubernetes.io/name: VhCMS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2-additional-controllers - namespace: default + name: 2-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2-additional-controllers + kind: ClusterRole + name: 2-default subjects: - kind: ServiceAccount name: blB @@ -23861,7 +19997,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Xpmsmk: xwQ7HYnx @@ -23875,12 +20011,11 @@ metadata: app.kubernetes.io/name: VhCMS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2-rpk-bundle - namespace: default + name: 2-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2-rpk-bundle + kind: ClusterRole + name: 2-additional-controllers-default subjects: - kind: ServiceAccount name: blB @@ -24078,9 +20213,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=xLHAob + - --webhook-enabled=false - --configurator-tag=5yg4G - --configurator-base-image=Bl6b0ql7 - htV @@ -24360,7 +20494,7 @@ metadata: app.kubernetes.io/name: Qi app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: z7BRO-metrics-reader + name: z7BRO-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -24396,9 +20530,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -24408,141 +20542,66 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - events verbs: - - get + - create - patch - - update - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - schemas - - topics - - users + - leases verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumes verbs: - - create - - delete - get - list - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - "9": WiLvS4 - Fzjuqz0im: "023" - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Qi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: z7BRO-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: z7BRO-default -subjects: -- kind: ServiceAccount - name: tIa - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "9": WiLvS4 - Fzjuqz0im: "023" - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Qi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: z7BRO-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - nodes verbs: - - create - - patch + - get - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "9": WiLvS4 - Fzjuqz0im: "023" - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Qi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: z7BRO - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -24636,6 +20695,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -24688,6 +20791,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -24701,34 +20806,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - "9": WiLvS4 - Fzjuqz0im: "023" - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Qi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: z7BRO-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: z7BRO-election-role -subjects: -- kind: ServiceAccount - name: tIa - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "9": WiLvS4 @@ -24738,12 +20818,11 @@ metadata: app.kubernetes.io/name: Qi app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: z7BRO - namespace: default + name: z7BRO-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: z7BRO + kind: ClusterRole + name: z7BRO-default subjects: - kind: ServiceAccount name: tIa @@ -25043,9 +21122,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=GusePZR7AB + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator - TvXwul @@ -25442,9 +21520,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=EQ + - --webhook-enabled=false - --configurator-tag=S - --configurator-base-image=qO8Q6 - ufbUW @@ -25727,7 +21804,7 @@ metadata: app.kubernetes.io/name: aYT app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: D-metrics-reader + name: D-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -25763,220 +21840,6 @@ rules: - subjectaccessreviews verbs: - create -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - schemas - - topics - - users - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - - get - - list - - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: D-default -subjects: -- kind: ServiceAccount - name: 40Wt - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: D-additional-controllers-default -subjects: -- kind: ServiceAccount - name: 40Wt - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D-election-role - namespace: default -rules: - apiGroups: - "" resources: @@ -26008,25 +21871,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D - namespace: default -rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list - apiGroups: - coordination.k8s.io resources: @@ -26120,6 +22006,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -26172,6 +22102,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -26185,9 +22117,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: H15A: FR @@ -26198,9 +22130,14 @@ metadata: app.kubernetes.io/name: aYT app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: D-additional-controllers - namespace: default + name: D-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -26234,6 +22171,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -26244,6 +22209,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -26258,10 +22233,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -26270,110 +22247,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: D-election-role -subjects: -- kind: ServiceAccount - name: 40Wt - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - H15A: FR - ImNZ2R: 4b11Ajcj71 - MkV5WTrr: tzjZwG - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: aYT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: D - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: D -subjects: -- kind: ServiceAccount - name: 40Wt - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: H15A: FR @@ -26384,12 +22290,11 @@ metadata: app.kubernetes.io/name: aYT app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: D-additional-controllers - namespace: default + name: D-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: D-additional-controllers + kind: ClusterRole + name: D-default subjects: - kind: ServiceAccount name: 40Wt @@ -26397,9 +22302,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: H15A: FR @@ -26410,12 +22315,11 @@ metadata: app.kubernetes.io/name: aYT app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: D-rpk-bundle - namespace: default + name: D-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: D-rpk-bundle + kind: ClusterRole + name: D-additional-controllers-default subjects: - kind: ServiceAccount name: 40Wt @@ -26547,9 +22451,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=hPrI1P + - --webhook-enabled=false - --configurator-tag=Gd0 - --configurator-base-image=8mlV command: @@ -27173,9 +23076,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=v1480 + - --webhook-enabled=false - --configurator-tag=SwdpKv - --configurator-base-image=a2vgH0 command: @@ -27396,7 +23298,7 @@ metadata: app.kubernetes.io/name: pnciO app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-metrics-reader + name: tDyp0579ogHIu-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -27433,9 +23335,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -27445,42 +23347,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -27489,213 +23365,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-additional-controllers-default -rules: - apiGroups: - "" resources: - persistentvolumes verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - nodes verbs: - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tDyp0579ogHIu-default -subjects: -- kind: ServiceAccount - name: Zihc6G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tDyp0579ogHIu-additional-controllers-default -subjects: -- kind: ServiceAccount - name: Zihc6G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -27789,6 +23500,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -27841,6 +23596,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -27854,7 +23611,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: B11cb: P1mQky @@ -27867,9 +23624,14 @@ metadata: app.kubernetes.io/name: pnciO app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-additional-controllers - namespace: default + name: tDyp0579ogHIu-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -27903,6 +23665,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -27913,6 +23703,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -27927,10 +23727,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -27939,108 +23741,37 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDyp0579ogHIu-election-role -subjects: -- kind: ServiceAccount - name: Zihc6G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - B11cb: P1mQky - creationTimestamp: null - labels: - Q3Y: wWGGlI - ZgcMSFjkA: f0Je - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: pnciO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDyp0579ogHIu -subjects: -- kind: ServiceAccount - name: Zihc6G - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: B11cb: P1mQky @@ -28053,12 +23784,11 @@ metadata: app.kubernetes.io/name: pnciO app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-additional-controllers - namespace: default + name: tDyp0579ogHIu-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDyp0579ogHIu-additional-controllers + kind: ClusterRole + name: tDyp0579ogHIu-default subjects: - kind: ServiceAccount name: Zihc6G @@ -28066,7 +23796,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: B11cb: P1mQky @@ -28079,12 +23809,11 @@ metadata: app.kubernetes.io/name: pnciO app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tDyp0579ogHIu-rpk-bundle - namespace: default + name: tDyp0579ogHIu-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDyp0579ogHIu-rpk-bundle + kind: ClusterRole + name: tDyp0579ogHIu-additional-controllers-default subjects: - kind: ServiceAccount name: Zihc6G @@ -28370,9 +24099,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=XxZ + - --webhook-enabled=false - --configurator-tag=zo - --configurator-base-image=bqtHD7 - Rlceb @@ -28799,9 +24527,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=G3wz + - --webhook-enabled=false - --configurator-tag=RK6Ba96O - --configurator-base-image=16DN2 - wK @@ -29077,7 +24804,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 uUW: Us - name: 6z0k3NX-metrics-reader + name: 6z0k3NX-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -29114,9 +24841,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -29126,144 +24853,66 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - events verbs: - - get + - create - patch - - update - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - schemas - - topics - - users + - leases verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumes verbs: - - create - - delete - get - list - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - IkOwwd: 37ZfCkM - M3fH: xmhoB - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 9wjOhT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - uUW: Us - name: 6z0k3NX-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 6z0k3NX-default -subjects: -- kind: ServiceAccount - name: 9xg1jKJ - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - IkOwwd: 37ZfCkM - M3fH: xmhoB - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 9wjOhT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - uUW: Us - name: 6z0k3NX-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - nodes verbs: - - create - - patch + - get - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - IkOwwd: 37ZfCkM - M3fH: xmhoB - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 9wjOhT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - uUW: Us - name: 6z0k3NX - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -29357,6 +25006,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -29409,6 +25102,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -29422,97 +25117,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - IkOwwd: 37ZfCkM - M3fH: xmhoB - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 9wjOhT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - uUW: Us - name: 6z0k3NX-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - IkOwwd: 37ZfCkM - M3fH: xmhoB - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 9wjOhT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - uUW: Us - name: 6z0k3NX-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 6z0k3NX-election-role -subjects: -- kind: ServiceAccount - name: 9xg1jKJ - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - IkOwwd: 37ZfCkM - M3fH: xmhoB - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 9wjOhT - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - uUW: Us - name: 6z0k3NX - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 6z0k3NX -subjects: -- kind: ServiceAccount - name: 9xg1jKJ - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: IkOwwd: 37ZfCkM @@ -29523,12 +25130,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 uUW: Us - name: 6z0k3NX-rpk-bundle - namespace: default + name: 6z0k3NX-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 6z0k3NX-rpk-bundle + kind: ClusterRole + name: 6z0k3NX-default subjects: - kind: ServiceAccount name: 9xg1jKJ @@ -29814,9 +25420,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=KMFMJqF + - --webhook-enabled=false - --configurator-tag=NaNHQ74 - --configurator-base-image=MhZp - SkxA4PXfixGo6H @@ -30362,9 +25967,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=SzbHWgTpbD2 + - --webhook-enabled=false - --configurator-tag=jr9 - --configurator-base-image=5Q - gQcl6Ej6 @@ -30898,9 +26502,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=iAMFhZ + - --webhook-enabled=false - --configurator-tag=i6Q4sn53d - --configurator-base-image=P9JMlA - 8kSamSw9 @@ -31529,9 +27132,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=W + - --webhook-enabled=false - --configurator-tag=4hS76 - --configurator-base-image=dOHS - Cz5DsC @@ -32082,9 +27684,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=GyEj + - --webhook-enabled=false - --configurator-tag=C5 - --configurator-base-image=5R2fC0t - 0H @@ -32372,7 +27973,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 oMSwsE1: VOZ x: 4Xx1lbe - name: fjEnE-metrics-reader + name: fjEnE-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -32407,6 +28008,172 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cluster.redpanda.com resources: @@ -32452,10 +28219,9 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -32464,121 +28230,62 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch - apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" + - monitoring.coreos.com resources: - - persistentvolumes + - podmonitors + - servicemonitors verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" + - networking.k8s.io resources: - - persistentvolumes + - ingresses verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - policy resources: - - redpandas + - poddisruptionbudgets verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - - "" + - rbac.authorization.k8s.io resources: - - persistentvolumes + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: fjEnE-default -subjects: -- kind: ServiceAccount - name: dgtMSpw - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -32591,44 +28298,13 @@ metadata: oMSwsE1: VOZ x: 4Xx1lbe name: fjEnE-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: fjEnE-additional-controllers-default -subjects: -- kind: ServiceAccount - name: dgtMSpw - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE-election-role - namespace: default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes verbs: - - create - - delete - - get - - list - patch - - update - - watch - apiGroups: - "" resources: @@ -32637,74 +28313,19 @@ rules: - create - patch - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE - namespace: default -rules: -- apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumeclaims verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - configmaps - pods - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions verbs: - get - list @@ -32712,96 +28333,64 @@ rules: - apiGroups: - apps resources: - - deployments - statefulsets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - batch + - "" resources: - - jobs + - configmaps + - nodes + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - "" resources: - - certificates - - issuers + - persistentvolumes verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - coordination.k8s.io + - cluster.redpanda.com resources: - - leases + - redpandas verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - monitoring.coreos.com + - "" resources: - - podmonitors - - servicemonitors + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - networking.k8s.io + - "" resources: - - ingresses + - configmaps + - pods + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - policy + - "" resources: - - poddisruptionbudgets + - persistentvolumeclaims verbs: - - create - delete - get - list @@ -32809,105 +28398,39 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - rolebindings - - roles + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE-additional-controllers - namespace: default -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - secrets - verbs: - - get - - list - - watch - apiGroups: - apps resources: - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims + - statefulsets/status verbs: - - delete - - get - - list - patch - update - apiGroups: - - "" + - cluster.redpanda.com resources: - - persistentvolumeclaims + - redpandas verbs: - - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list - - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - patch - - update + - watch - apiGroups: - "" resources: @@ -32921,94 +28444,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: fjEnE-election-role -subjects: -- kind: ServiceAccount - name: dgtMSpw - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RYuL - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oMSwsE1: VOZ - x: 4Xx1lbe - name: fjEnE - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: fjEnE -subjects: -- kind: ServiceAccount - name: dgtMSpw - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -33018,12 +28456,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 oMSwsE1: VOZ x: 4Xx1lbe - name: fjEnE-additional-controllers - namespace: default + name: fjEnE-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: fjEnE-additional-controllers + kind: ClusterRole + name: fjEnE-default subjects: - kind: ServiceAccount name: dgtMSpw @@ -33031,9 +28468,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -33043,12 +28480,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 oMSwsE1: VOZ x: 4Xx1lbe - name: fjEnE-rpk-bundle - namespace: default + name: fjEnE-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: fjEnE-rpk-bundle + kind: ClusterRole + name: fjEnE-additional-controllers-default subjects: - kind: ServiceAccount name: dgtMSpw @@ -33254,9 +28690,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=WFheHptfh + - --webhook-enabled=false - --configurator-tag=DV - --configurator-base-image=CABd5 - E9Eu @@ -33791,9 +29226,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level= + - --webhook-enabled=false - --configurator-tag=95V5Gm - --configurator-base-image=h - JFs @@ -34207,9 +29641,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=yGdn + - --webhook-enabled=false - --configurator-tag=YHoj - --configurator-base-image=OjO - krIILz @@ -34471,7 +29904,7 @@ metadata: app.kubernetes.io/name: ATIdy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-metrics-reader + name: dLmCJ99UDA-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -34506,9 +29939,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -34518,42 +29951,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -34562,203 +29969,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - 5M5X: Fi - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ATIdy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-additional-controllers-default -rules: - apiGroups: - "" resources: - persistentvolumes verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - 5M5X: Fi - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ATIdy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dLmCJ99UDA-default -subjects: -- kind: ServiceAccount - name: ttC - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - 5M5X: Fi - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ATIdy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dLmCJ99UDA-additional-controllers-default -subjects: -- kind: ServiceAccount - name: ttC - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - 5M5X: Fi - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ATIdy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - 5M5X: Fi - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ATIdy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -34852,6 +30104,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -34904,6 +30200,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -34917,9 +30215,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: 5M5X: Fi @@ -34928,9 +30226,14 @@ metadata: app.kubernetes.io/name: ATIdy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-additional-controllers - namespace: default + name: dLmCJ99UDA-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -34964,6 +30267,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -34974,6 +30305,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -34988,10 +30329,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -35000,6 +30343,23 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -35013,33 +30373,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - 5M5X: Fi - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ATIdy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: dLmCJ99UDA-election-role -subjects: -- kind: ServiceAccount - name: ttC - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: 5M5X: Fi @@ -35048,12 +30384,11 @@ metadata: app.kubernetes.io/name: ATIdy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA - namespace: default + name: dLmCJ99UDA-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: dLmCJ99UDA + kind: ClusterRole + name: dLmCJ99UDA-default subjects: - kind: ServiceAccount name: ttC @@ -35061,9 +30396,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: 5M5X: Fi @@ -35072,12 +30407,11 @@ metadata: app.kubernetes.io/name: ATIdy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: dLmCJ99UDA-additional-controllers - namespace: default + name: dLmCJ99UDA-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: dLmCJ99UDA-additional-controllers + kind: ClusterRole + name: dLmCJ99UDA-additional-controllers-default subjects: - kind: ServiceAccount name: ttC @@ -35378,9 +30712,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=K + - --webhook-enabled=false - --configurator-tag=X - --configurator-base-image=Olq - jq37e @@ -35614,7 +30947,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 vAU3IVb: K0a x: c - name: I5FRf-metrics-reader + name: I5FRf-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -35650,6 +30983,172 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cluster.redpanda.com resources: @@ -35695,10 +31194,9 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -35707,167 +31205,35 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - j: cfo02 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - vAU3IVb: K0a - x: c - name: I5FRf-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - - "" + - monitoring.coreos.com resources: - - persistentvolumes + - podmonitors + - servicemonitors verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - - "" + - networking.k8s.io resources: - - persistentvolumes + - ingresses verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - j: cfo02 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - vAU3IVb: K0a - x: c - name: I5FRf-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: I5FRf-default -subjects: -- kind: ServiceAccount - name: jPVwE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - j: cfo02 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - vAU3IVb: K0a - x: c - name: I5FRf-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: I5FRf-additional-controllers-default -subjects: -- kind: ServiceAccount - name: jPVwE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - j: cfo02 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - vAU3IVb: K0a - x: c - name: I5FRf-election-role - namespace: default -rules: -- apiGroups: - - "" + - policy resources: - - configmaps + - poddisruptionbudgets verbs: - create - delete @@ -35877,16 +31243,12 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - rbac.authorization.k8s.io resources: - - leases + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: - create - delete @@ -35898,7 +31260,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: j: cfo02 @@ -35911,37 +31273,14 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 vAU3IVb: K0a x: c - name: I5FRf - namespace: default + name: I5FRf-additional-controllers-default rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - - delete - - get - - list - patch - - update - - watch - apiGroups: - "" resources: @@ -35950,151 +31289,79 @@ rules: - create - patch - apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - "" resources: - - deployments - - statefulsets + - persistentvolumeclaims verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - - autoscaling + - "" resources: - - horizontalpodautoscalers + - pods + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - batch + - apps resources: - - jobs + - statefulsets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - "" resources: - - certificates - - issuers + - configmaps + - nodes + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumes verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - monitoring.coreos.com + - cluster.redpanda.com resources: - - podmonitors - - servicemonitors + - redpandas verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - networking.k8s.io + - "" resources: - - ingresses + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - policy + - "" resources: - - poddisruptionbudgets + - configmaps + - pods + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - j: cfo02 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - vAU3IVb: K0a - x: c - name: I5FRf-additional-controllers - namespace: default -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - apiGroups: - "" resources: @@ -36103,60 +31370,43 @@ rules: - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - pods - - secrets + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps resources: - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims + - statefulsets/status verbs: - - delete - - get - - list - patch - update - apiGroups: - - "" + - cluster.redpanda.com resources: - - persistentvolumeclaims + - redpandas verbs: - - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list - - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - patch - - update + - watch - apiGroups: - "" resources: @@ -36170,33 +31420,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - j: cfo02 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: A - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - vAU3IVb: K0a - x: c - name: I5FRf-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: I5FRf-election-role -subjects: -- kind: ServiceAccount - name: jPVwE - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: j: cfo02 @@ -36209,12 +31433,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 vAU3IVb: K0a x: c - name: I5FRf - namespace: default + name: I5FRf-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: I5FRf + kind: ClusterRole + name: I5FRf-default subjects: - kind: ServiceAccount name: jPVwE @@ -36222,7 +31445,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: j: cfo02 @@ -36235,12 +31458,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 vAU3IVb: K0a x: c - name: I5FRf-additional-controllers - namespace: default + name: I5FRf-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: I5FRf-additional-controllers + kind: ClusterRole + name: I5FRf-additional-controllers-default subjects: - kind: ServiceAccount name: jPVwE @@ -36641,9 +31863,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=10rTK + - --webhook-enabled=false - --configurator-tag=VPI - --configurator-base-image=VX7rtbd - Fpr @@ -37229,9 +32450,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=D3sVjB0WumuG + - --webhook-enabled=false - --configurator-tag=l0yDQ3G - --configurator-base-image=5SfzkB5M1vx - J @@ -37509,7 +32729,7 @@ metadata: app.kubernetes.io/name: 23c app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Uu-metrics-reader + name: Uu-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -37546,9 +32766,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -37558,144 +32778,66 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - events verbs: - - get + - create - patch - - update - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - schemas - - topics - - users + - leases verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumes verbs: - - create - - delete - get - list - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - zdPL: 3ZqroY - creationTimestamp: null - labels: - 2Q3: 4eG3k4Q - 3iy: cFa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 23c - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Uu-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Uu-default -subjects: -- kind: ServiceAccount - name: 5rSJNtq - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - zdPL: 3ZqroY - creationTimestamp: null - labels: - 2Q3: 4eG3k4Q - 3iy: cFa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 23c - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Uu-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - nodes verbs: - - create - - patch + - get - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - zdPL: 3ZqroY - creationTimestamp: null - labels: - 2Q3: 4eG3k4Q - 3iy: cFa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 23c - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Uu - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -37789,6 +32931,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -37841,6 +33027,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -37854,95 +33042,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - zdPL: 3ZqroY - creationTimestamp: null - labels: - 2Q3: 4eG3k4Q - 3iy: cFa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 23c - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Uu-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - zdPL: 3ZqroY - creationTimestamp: null - labels: - 2Q3: 4eG3k4Q - 3iy: cFa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 23c - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Uu-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Uu-election-role -subjects: -- kind: ServiceAccount - name: 5rSJNtq - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - zdPL: 3ZqroY - creationTimestamp: null - labels: - 2Q3: 4eG3k4Q - 3iy: cFa - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 23c - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Uu - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Uu -subjects: -- kind: ServiceAccount - name: 5rSJNtq - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: zdPL: 3ZqroY @@ -37955,12 +33055,11 @@ metadata: app.kubernetes.io/name: 23c app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Uu-rpk-bundle - namespace: default + name: Uu-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Uu-rpk-bundle + kind: ClusterRole + name: Uu-default subjects: - kind: ServiceAccount name: 5rSJNtq @@ -38364,9 +33463,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level= + - --webhook-enabled=false - --configurator-tag=QiVn05LHP7O - --configurator-base-image=a7e7 command: @@ -39045,9 +34143,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=YQXlr + - --webhook-enabled=false - --configurator-tag=H - --configurator-base-image=Nt - KeFi @@ -39587,9 +34684,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=TwQtVGrOeJf + - --webhook-enabled=false - --configurator-tag=go - --configurator-base-image=MRDUBfo4 command: @@ -39843,7 +34939,7 @@ metadata: app.kubernetes.io/name: kF app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-metrics-reader + name: oL1SSfzH9d-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -39881,9 +34977,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -39893,42 +34989,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -39937,218 +35007,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - Ko0pmEw: 59Cu - Q: 3fQgP - creationTimestamp: null - labels: - 5ga: L6kCMw6j - NImdN7q5tNW: UPT - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Ko0pmEw: 59Cu - Q: 3fQgP - creationTimestamp: null - labels: - 5ga: L6kCMw6j - NImdN7q5tNW: UPT - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: oL1SSfzH9d-default -subjects: -- kind: ServiceAccount - name: i7DA - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Ko0pmEw: 59Cu - Q: 3fQgP - creationTimestamp: null - labels: - 5ga: L6kCMw6j - NImdN7q5tNW: UPT - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: oL1SSfzH9d-additional-controllers-default -subjects: -- kind: ServiceAccount - name: i7DA - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Ko0pmEw: 59Cu - Q: 3fQgP - creationTimestamp: null - labels: - 5ga: L6kCMw6j - NImdN7q5tNW: UPT - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Ko0pmEw: 59Cu - Q: 3fQgP - creationTimestamp: null - labels: - 5ga: L6kCMw6j - NImdN7q5tNW: UPT - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -40242,6 +35142,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -40294,6 +35238,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -40307,7 +35253,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: Ko0pmEw: 59Cu @@ -40321,9 +35267,14 @@ metadata: app.kubernetes.io/name: kF app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-additional-controllers - namespace: default + name: oL1SSfzH9d-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -40357,6 +35308,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -40367,6 +35346,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -40381,10 +35370,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -40393,6 +35384,23 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -40406,34 +35414,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Ko0pmEw: 59Cu - Q: 3fQgP - creationTimestamp: null - labels: - 5ga: L6kCMw6j - NImdN7q5tNW: UPT - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: oL1SSfzH9d-election-role -subjects: -- kind: ServiceAccount - name: i7DA - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Ko0pmEw: 59Cu @@ -40447,12 +35428,11 @@ metadata: app.kubernetes.io/name: kF app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d - namespace: default + name: oL1SSfzH9d-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: oL1SSfzH9d + kind: ClusterRole + name: oL1SSfzH9d-default subjects: - kind: ServiceAccount name: i7DA @@ -40460,7 +35440,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Ko0pmEw: 59Cu @@ -40474,12 +35454,11 @@ metadata: app.kubernetes.io/name: kF app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: oL1SSfzH9d-additional-controllers - namespace: default + name: oL1SSfzH9d-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: oL1SSfzH9d-additional-controllers + kind: ClusterRole + name: oL1SSfzH9d-additional-controllers-default subjects: - kind: ServiceAccount name: i7DA @@ -40806,9 +35785,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=EFXhBX + - --webhook-enabled=false - --configurator-tag=pneZv - --configurator-base-image=KbWqGz - 5O @@ -41013,7 +35991,7 @@ metadata: app.kubernetes.io/name: icwMYEubJ app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre-metrics-reader + name: qVYvaMYre-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -41049,6 +36027,172 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cluster.redpanda.com resources: @@ -41093,206 +36237,6 @@ rules: - patch - update - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Hb: p6nsnNym - XCiiUj: V9 - nfDuOzQO: w - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: icwMYEubJ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: qVYvaMYre-default -subjects: -- kind: ServiceAccount - name: Rsep9k - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Hb: p6nsnNym - XCiiUj: V9 - nfDuOzQO: w - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: icwMYEubJ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Hb: p6nsnNym - XCiiUj: V9 - nfDuOzQO: w - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: icwMYEubJ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre - namespace: default -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - deployments - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resources: - - certificates - - issuers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - coordination.k8s.io resources: @@ -41345,6 +36289,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -41358,95 +36304,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Hb: p6nsnNym - XCiiUj: V9 - nfDuOzQO: w - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: icwMYEubJ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Hb: p6nsnNym - XCiiUj: V9 - nfDuOzQO: w - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: icwMYEubJ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: qVYvaMYre-election-role -subjects: -- kind: ServiceAccount - name: Rsep9k - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Hb: p6nsnNym - XCiiUj: V9 - nfDuOzQO: w - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: icwMYEubJ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: qVYvaMYre -subjects: -- kind: ServiceAccount - name: Rsep9k - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Hb: p6nsnNym @@ -41459,12 +36317,11 @@ metadata: app.kubernetes.io/name: icwMYEubJ app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: qVYvaMYre-rpk-bundle - namespace: default + name: qVYvaMYre-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: qVYvaMYre-rpk-bundle + kind: ClusterRole + name: qVYvaMYre-default subjects: - kind: ServiceAccount name: Rsep9k @@ -41819,9 +36676,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=ozF + - --webhook-enabled=false - --configurator-tag=qPbAyXLw - --configurator-base-image=CPQ9Y6 command: @@ -42047,7 +36903,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 fuVZ: gcPCqrc0l helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-metrics-reader + name: RxVwZrtkv-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -42083,9 +36939,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -42095,42 +36951,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -42139,208 +36969,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - Tett6RPd3GK0SY: SS0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DFwU - app.kubernetes.io/version: v25.1.1-beta3 - fuVZ: gcPCqrc0l - helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Tett6RPd3GK0SY: SS0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DFwU - app.kubernetes.io/version: v25.1.1-beta3 - fuVZ: gcPCqrc0l - helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: RxVwZrtkv-default -subjects: -- kind: ServiceAccount - name: tSPxL1Cf1HO9FjR - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Tett6RPd3GK0SY: SS0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DFwU - app.kubernetes.io/version: v25.1.1-beta3 - fuVZ: gcPCqrc0l - helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: RxVwZrtkv-additional-controllers-default -subjects: -- kind: ServiceAccount - name: tSPxL1Cf1HO9FjR - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Tett6RPd3GK0SY: SS0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DFwU - app.kubernetes.io/version: v25.1.1-beta3 - fuVZ: gcPCqrc0l - helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Tett6RPd3GK0SY: SS0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DFwU - app.kubernetes.io/version: v25.1.1-beta3 - fuVZ: gcPCqrc0l - helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -42434,6 +37104,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -42486,6 +37200,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -42499,7 +37215,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: Tett6RPd3GK0SY: SS0 @@ -42511,9 +37227,14 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 fuVZ: gcPCqrc0l helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-additional-controllers - namespace: default + name: RxVwZrtkv-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -42547,6 +37268,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -42557,6 +37306,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -42571,10 +37330,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -42583,6 +37344,23 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -42596,32 +37374,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Tett6RPd3GK0SY: SS0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DFwU - app.kubernetes.io/version: v25.1.1-beta3 - fuVZ: gcPCqrc0l - helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: RxVwZrtkv-election-role -subjects: -- kind: ServiceAccount - name: tSPxL1Cf1HO9FjR - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Tett6RPd3GK0SY: SS0 @@ -42633,12 +37386,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 fuVZ: gcPCqrc0l helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv - namespace: default + name: RxVwZrtkv-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: RxVwZrtkv + kind: ClusterRole + name: RxVwZrtkv-default subjects: - kind: ServiceAccount name: tSPxL1Cf1HO9FjR @@ -42646,7 +37398,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Tett6RPd3GK0SY: SS0 @@ -42658,12 +37410,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 fuVZ: gcPCqrc0l helm.sh/chart: operator-25.1.1-beta3 - name: RxVwZrtkv-additional-controllers - namespace: default + name: RxVwZrtkv-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: RxVwZrtkv-additional-controllers + kind: ClusterRole + name: RxVwZrtkv-additional-controllers-default subjects: - kind: ServiceAccount name: tSPxL1Cf1HO9FjR @@ -42965,9 +37716,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=bVWCG + - --webhook-enabled=false - --configurator-tag=CyopzJ - --configurator-base-image=U4heCUyQYeE - 6ArBn @@ -43269,7 +38019,7 @@ metadata: app.kubernetes.io/name: 6iZG app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: RAyK-metrics-reader + name: RAyK-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -43305,22 +38055,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -43332,39 +38086,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -43374,11 +38156,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -43392,11 +38181,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -43407,9 +38219,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -43419,34 +38231,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -43456,34 +38288,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -43493,150 +38339,156 @@ metadata: app.kubernetes.io/name: 6iZG app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: RAyK-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: RAyK-default -subjects: -- kind: ServiceAccount - name: RAyK - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6iZG - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: RAyK-election-role - namespace: default + name: RAyK-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6iZG - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: RAyK - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6iZG - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: RAyK-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 6iZG - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: RAyK-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: RAyK-election-role -subjects: -- kind: ServiceAccount - name: RAyK - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -43644,12 +38496,11 @@ metadata: app.kubernetes.io/name: 6iZG app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: RAyK - namespace: default + name: RAyK-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: RAyK + kind: ClusterRole + name: RAyK-default subjects: - kind: ServiceAccount name: RAyK @@ -43657,9 +38508,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -43667,12 +38518,11 @@ metadata: app.kubernetes.io/name: 6iZG app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: RAyK-rpk-bundle - namespace: default + name: RAyK-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: RAyK-rpk-bundle + kind: ClusterRole + name: RAyK-additional-controllers-default subjects: - kind: ServiceAccount name: RAyK @@ -43759,6 +38609,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=Y01SjB - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -44030,7 +38881,7 @@ metadata: app.kubernetes.io/name: hsmvzpSm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W-metrics-reader + name: tyx5W-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -44066,22 +38917,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -44093,39 +38948,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -44135,11 +39018,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -44153,11 +39043,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -44168,9 +39081,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -44180,34 +39093,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -44217,34 +39150,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -44254,150 +39201,156 @@ metadata: app.kubernetes.io/name: hsmvzpSm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tyx5W-default -subjects: -- kind: ServiceAccount - name: tyx5W - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hsmvzpSm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W-election-role - namespace: default + name: tyx5W-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hsmvzpSm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hsmvzpSm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hsmvzpSm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: tyx5W-election-role -subjects: -- kind: ServiceAccount - name: tyx5W - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -44405,12 +39358,11 @@ metadata: app.kubernetes.io/name: hsmvzpSm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W - namespace: default + name: tyx5W-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: tyx5W + kind: ClusterRole + name: tyx5W-default subjects: - kind: ServiceAccount name: tyx5W @@ -44418,9 +39370,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -44428,12 +39380,11 @@ metadata: app.kubernetes.io/name: hsmvzpSm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: tyx5W-rpk-bundle - namespace: default + name: tyx5W-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: tyx5W-rpk-bundle + kind: ClusterRole + name: tyx5W-additional-controllers-default subjects: - kind: ServiceAccount name: tyx5W @@ -44523,6 +39474,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=H1NDG8 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -44806,7 +39758,7 @@ metadata: app.kubernetes.io/name: njC0cLDExDA app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS-metrics-reader + name: 89IgS-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -44842,22 +39794,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -44869,39 +39825,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -44911,11 +39895,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -44929,11 +39920,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -44944,9 +39958,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -44956,34 +39970,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -44993,34 +40027,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -45030,150 +40078,156 @@ metadata: app.kubernetes.io/name: njC0cLDExDA app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 89IgS-default -subjects: -- kind: ServiceAccount - name: fEL2 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: njC0cLDExDA - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS-election-role - namespace: default + name: 89IgS-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: njC0cLDExDA - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: njC0cLDExDA - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: njC0cLDExDA - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 89IgS-election-role -subjects: -- kind: ServiceAccount - name: fEL2 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -45181,12 +40235,11 @@ metadata: app.kubernetes.io/name: njC0cLDExDA app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS - namespace: default + name: 89IgS-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 89IgS + kind: ClusterRole + name: 89IgS-default subjects: - kind: ServiceAccount name: fEL2 @@ -45194,9 +40247,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -45204,12 +40257,11 @@ metadata: app.kubernetes.io/name: njC0cLDExDA app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 89IgS-rpk-bundle - namespace: default + name: 89IgS-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 89IgS-rpk-bundle + kind: ClusterRole + name: 89IgS-additional-controllers-default subjects: - kind: ServiceAccount name: fEL2 @@ -45301,6 +40353,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=SQz - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -45586,7 +40639,7 @@ metadata: app.kubernetes.io/name: Re app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0-metrics-reader + name: fRjXK1u0-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -45624,22 +40677,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -45651,39 +40708,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -45693,11 +40778,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -45711,11 +40803,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -45726,9 +40841,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -45738,34 +40853,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -45775,58 +40910,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - aG4: btgx7ZmcV - gwBKGQjyw: XzUFAE - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Re - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: fRjXK1u0-default -subjects: -- kind: ServiceAccount - name: fRjXK1u0 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: aG4: btgx7ZmcV @@ -45838,132 +40963,154 @@ metadata: app.kubernetes.io/name: Re app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0-election-role - namespace: default + name: fRjXK1u0-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - aG4: btgx7ZmcV - gwBKGQjyw: XzUFAE - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Re - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0 - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - aG4: btgx7ZmcV - gwBKGQjyw: XzUFAE - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Re - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - aG4: btgx7ZmcV - gwBKGQjyw: XzUFAE - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Re - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: fRjXK1u0-election-role -subjects: -- kind: ServiceAccount - name: fRjXK1u0 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: aG4: btgx7ZmcV @@ -45975,12 +41122,11 @@ metadata: app.kubernetes.io/name: Re app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0 - namespace: default + name: fRjXK1u0-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: fRjXK1u0 + kind: ClusterRole + name: fRjXK1u0-default subjects: - kind: ServiceAccount name: fRjXK1u0 @@ -45988,7 +41134,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: aG4: btgx7ZmcV @@ -46000,12 +41146,11 @@ metadata: app.kubernetes.io/name: Re app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: fRjXK1u0-rpk-bundle - namespace: default + name: fRjXK1u0-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: fRjXK1u0-rpk-bundle + kind: ClusterRole + name: fRjXK1u0-additional-controllers-default subjects: - kind: ServiceAccount name: fRjXK1u0 @@ -46098,6 +41243,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=z1LU - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -46379,7 +41525,7 @@ metadata: app.kubernetes.io/name: eMNuQ app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS-metrics-reader + name: 2jUS-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -46418,22 +41564,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -46445,39 +41595,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -46487,11 +41665,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -46505,11 +41690,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -46520,9 +41728,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -46532,34 +41740,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -46569,59 +41797,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - ybiJQZ: Ga - creationTimestamp: null - labels: - 1c0jr: ImaKzYy - afd: Q9L - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eMNuQ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 2jUS-default -subjects: -- kind: ServiceAccount - name: 2jUS - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: ybiJQZ: Ga @@ -46634,135 +41851,154 @@ metadata: app.kubernetes.io/name: eMNuQ app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS-election-role - namespace: default + name: 2jUS-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - ybiJQZ: Ga - creationTimestamp: null - labels: - 1c0jr: ImaKzYy - afd: Q9L - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eMNuQ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - ybiJQZ: Ga - creationTimestamp: null - labels: - 1c0jr: ImaKzYy - afd: Q9L - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eMNuQ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - ybiJQZ: Ga - creationTimestamp: null - labels: - 1c0jr: ImaKzYy - afd: Q9L - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: eMNuQ - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2jUS-election-role -subjects: -- kind: ServiceAccount - name: 2jUS - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: ybiJQZ: Ga @@ -46775,12 +42011,11 @@ metadata: app.kubernetes.io/name: eMNuQ app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS - namespace: default + name: 2jUS-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2jUS + kind: ClusterRole + name: 2jUS-default subjects: - kind: ServiceAccount name: 2jUS @@ -46788,7 +42023,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: ybiJQZ: Ga @@ -46801,12 +42036,11 @@ metadata: app.kubernetes.io/name: eMNuQ app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2jUS-rpk-bundle - namespace: default + name: 2jUS-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2jUS-rpk-bundle + kind: ClusterRole + name: 2jUS-additional-controllers-default subjects: - kind: ServiceAccount name: 2jUS @@ -46902,6 +42136,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=yVlZuzf - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -47190,7 +42425,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kP0Mu: tnINl - name: WM-metrics-reader + name: WM-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -47227,22 +42462,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -47254,39 +42493,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -47296,11 +42563,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -47314,11 +42588,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -47329,9 +42626,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -47341,34 +42638,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -47378,34 +42695,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -47416,154 +42747,156 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kP0Mu: tnINl - name: WM-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: WM-default -subjects: -- kind: ServiceAccount - name: WM - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hJkIJY5Y - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kP0Mu: tnINl - name: WM-election-role - namespace: default + name: WM-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hJkIJY5Y - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kP0Mu: tnINl - name: WM - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hJkIJY5Y - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kP0Mu: tnINl - name: WM-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: hJkIJY5Y - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - kP0Mu: tnINl - name: WM-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM-election-role -subjects: -- kind: ServiceAccount - name: WM - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -47572,12 +42905,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kP0Mu: tnINl - name: WM - namespace: default + name: WM-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM + kind: ClusterRole + name: WM-default subjects: - kind: ServiceAccount name: WM @@ -47585,9 +42917,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -47596,12 +42928,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 kP0Mu: tnINl - name: WM-rpk-bundle - namespace: default + name: WM-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: WM-rpk-bundle + kind: ClusterRole + name: WM-additional-controllers-default subjects: - kind: ServiceAccount name: WM @@ -47694,6 +43025,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=caaG - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -48083,6 +43415,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=smF3 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -48465,6 +43798,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=Co - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -48843,7 +44177,7 @@ metadata: app.kubernetes.io/name: fgsJm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC-metrics-reader + name: nLM2irjC-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -48879,22 +44213,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -48906,39 +44244,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -48948,11 +44314,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -48966,11 +44339,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -48981,9 +44377,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -48993,34 +44389,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -49030,34 +44446,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -49067,150 +44497,156 @@ metadata: app.kubernetes.io/name: fgsJm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nLM2irjC-default -subjects: -- kind: ServiceAccount - name: 2PyZZ8ZNsM - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: fgsJm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC-election-role - namespace: default + name: nLM2irjC-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: fgsJm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: fgsJm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: fgsJm - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nLM2irjC-election-role -subjects: -- kind: ServiceAccount - name: 2PyZZ8ZNsM - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -49218,12 +44654,11 @@ metadata: app.kubernetes.io/name: fgsJm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC - namespace: default + name: nLM2irjC-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: nLM2irjC + kind: ClusterRole + name: nLM2irjC-default subjects: - kind: ServiceAccount name: 2PyZZ8ZNsM @@ -49231,9 +44666,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -49241,12 +44676,11 @@ metadata: app.kubernetes.io/name: fgsJm app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: nLM2irjC-rpk-bundle - namespace: default + name: nLM2irjC-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: nLM2irjC-rpk-bundle + kind: ClusterRole + name: nLM2irjC-additional-controllers-default subjects: - kind: ServiceAccount name: 2PyZZ8ZNsM @@ -49341,6 +44775,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=vMA - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -49638,7 +45073,7 @@ metadata: app.kubernetes.io/name: zUC app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX-metrics-reader + name: X374QF3AYX-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -49674,22 +45109,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -49701,39 +45140,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -49743,11 +45210,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -49761,11 +45235,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -49776,9 +45273,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -49788,34 +45285,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -49825,34 +45342,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -49862,150 +45393,156 @@ metadata: app.kubernetes.io/name: zUC app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: X374QF3AYX-default -subjects: -- kind: ServiceAccount - name: PiQzKZrHGl - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zUC - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX-election-role - namespace: default + name: X374QF3AYX-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zUC - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zUC - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zUC - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: X374QF3AYX-election-role -subjects: -- kind: ServiceAccount - name: PiQzKZrHGl - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -50013,12 +45550,11 @@ metadata: app.kubernetes.io/name: zUC app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX - namespace: default + name: X374QF3AYX-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: X374QF3AYX + kind: ClusterRole + name: X374QF3AYX-default subjects: - kind: ServiceAccount name: PiQzKZrHGl @@ -50026,9 +45562,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -50036,12 +45572,11 @@ metadata: app.kubernetes.io/name: zUC app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: X374QF3AYX-rpk-bundle - namespace: default + name: X374QF3AYX-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: X374QF3AYX-rpk-bundle + kind: ClusterRole + name: X374QF3AYX-additional-controllers-default subjects: - kind: ServiceAccount name: PiQzKZrHGl @@ -50133,6 +45668,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=d - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -50440,7 +45976,7 @@ metadata: app.kubernetes.io/name: 8V1wVzO app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: G-metrics-reader + name: G-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -50479,22 +46015,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -50506,39 +46046,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -50548,30 +46116,23 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update - apiGroups: - apps resources: - - deployments - - statefulsets + - controllerrevisions verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - apps resources: - - certificates - - clusterissuers - - issuers + - deployments + - statefulsets verbs: - create - delete @@ -50581,9 +46142,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - autoscaling resources: - - ingresses + - horizontalpodautoscalers verbs: - create - delete @@ -50593,9 +46154,9 @@ rules: - update - watch - apiGroups: - - policy + - batch resources: - - poddisruptionbudgets + - jobs verbs: - create - delete @@ -50605,22 +46166,22 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - cert-manager.io resources: - - clusterrolebindings - - clusterroles + - certificates + - issuers verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters - - consoles + - redpandas verbs: - create - delete @@ -50630,78 +46191,41 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/finalizers - - consoles/finalizers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - patch - update - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/status - - consoles/status + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - get - patch - update - apiGroups: - - scheduling.k8s.io + - cluster.redpanda.com resources: - - priorityclasses + - schemas + - topics + - users verbs: - get - list + - patch + - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Hp8LxD6: 9oZ3ip - Jw: Jn - lKmeE2: L - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8V1wVzO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: G-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: G-default -subjects: -- kind: ServiceAccount - name: Fzbi9OkP - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Hp8LxD6: 9oZ3ip - Jw: Jn - lKmeE2: L - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8V1wVzO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: G-election-role - namespace: default -rules: - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -50711,16 +46235,22 @@ rules: - update - watch - apiGroups: - - "" + - monitoring.coreos.com resources: - - events + - podmonitors + - servicemonitors verbs: - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - networking.k8s.io resources: - - leases + - ingresses verbs: - create - delete @@ -50729,127 +46259,37 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Hp8LxD6: 9oZ3ip - Jw: Jn - lKmeE2: L - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8V1wVzO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: G - namespace: default -rules: - apiGroups: - - "" + - policy resources: - - persistentvolumeclaims - - pods + - poddisruptionbudgets verbs: + - create - delete - get - list + - patch + - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Hp8LxD6: 9oZ3ip - Jw: Jn - lKmeE2: L - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8V1wVzO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: G-rpk-bundle - namespace: default -rules: - apiGroups: - - "" + - rbac.authorization.k8s.io resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Hp8LxD6: 9oZ3ip - Jw: Jn - lKmeE2: L - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8V1wVzO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: G-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: G-election-role -subjects: -- kind: ServiceAccount - name: Fzbi9OkP - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Hp8LxD6: 9oZ3ip - Jw: Jn - lKmeE2: L - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8V1wVzO - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: G - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: G -subjects: -- kind: ServiceAccount - name: Fzbi9OkP - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Hp8LxD6: 9oZ3ip @@ -50862,12 +46302,11 @@ metadata: app.kubernetes.io/name: 8V1wVzO app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: G-rpk-bundle - namespace: default + name: G-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: G-rpk-bundle + kind: ClusterRole + name: G-default subjects: - kind: ServiceAccount name: Fzbi9OkP @@ -51125,6 +46564,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=OzauffS1XLt - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -51423,7 +46863,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 jcF: qXntI - name: tDaA-metrics-reader + name: tDaA-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -51461,22 +46901,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -51488,39 +46932,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -51530,11 +47002,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -51548,11 +47027,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -51563,9 +47065,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -51575,34 +47077,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -51612,34 +47134,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -51651,158 +47187,156 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 jcF: qXntI - name: tDaA-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tDaA-default -subjects: -- kind: ServiceAccount - name: Z20j25RfqSp - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - AWBTKJBE3: lLUGUf - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: JhtIXu - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jcF: qXntI - name: tDaA-election-role - namespace: default + name: tDaA-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - AWBTKJBE3: lLUGUf - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: JhtIXu - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jcF: qXntI - name: tDaA - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - AWBTKJBE3: lLUGUf - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: JhtIXu - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jcF: qXntI - name: tDaA-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - AWBTKJBE3: lLUGUf - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: JhtIXu - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jcF: qXntI - name: tDaA-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDaA-election-role -subjects: -- kind: ServiceAccount - name: Z20j25RfqSp - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: AWBTKJBE3: lLUGUf @@ -51812,12 +47346,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 jcF: qXntI - name: tDaA - namespace: default + name: tDaA-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDaA + kind: ClusterRole + name: tDaA-default subjects: - kind: ServiceAccount name: Z20j25RfqSp @@ -51825,9 +47358,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: AWBTKJBE3: lLUGUf @@ -51837,12 +47370,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 jcF: qXntI - name: tDaA-rpk-bundle - namespace: default + name: tDaA-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: tDaA-rpk-bundle + kind: ClusterRole + name: tDaA-additional-controllers-default subjects: - kind: ServiceAccount name: Z20j25RfqSp @@ -51939,6 +47471,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=pN6bqJZQR - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -52263,7 +47796,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 j: Wmsdb uS: h6Fj - name: 79ioSjMT8KG-metrics-reader + name: 79ioSjMT8KG-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -52302,22 +47835,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -52329,39 +47866,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -52371,30 +47936,23 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update - apiGroups: - apps resources: - - deployments - - statefulsets + - controllerrevisions verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - apps resources: - - certificates - - clusterissuers - - issuers + - deployments + - statefulsets verbs: - create - delete @@ -52404,9 +47962,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - autoscaling resources: - - ingresses + - horizontalpodautoscalers verbs: - create - delete @@ -52416,9 +47974,9 @@ rules: - update - watch - apiGroups: - - policy + - batch resources: - - poddisruptionbudgets + - jobs verbs: - create - delete @@ -52428,22 +47986,22 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - cert-manager.io resources: - - clusterrolebindings - - clusterroles + - certificates + - issuers verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters - - consoles + - redpandas verbs: - create - delete @@ -52453,78 +48011,41 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/finalizers - - consoles/finalizers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - patch - update - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/status - - consoles/status + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - get - patch - update - apiGroups: - - scheduling.k8s.io + - cluster.redpanda.com resources: - - priorityclasses + - schemas + - topics + - users verbs: - get - list + - patch + - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - L5oVQe9mXi: Ha5na1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZRaS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - j: Wmsdb - uS: h6Fj - name: 79ioSjMT8KG-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 79ioSjMT8KG-default -subjects: -- kind: ServiceAccount - name: 79ioSjMT8KG - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - L5oVQe9mXi: Ha5na1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZRaS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - j: Wmsdb - uS: h6Fj - name: 79ioSjMT8KG-election-role - namespace: default -rules: - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -52534,16 +48055,22 @@ rules: - update - watch - apiGroups: - - "" + - monitoring.coreos.com resources: - - events + - podmonitors + - servicemonitors verbs: - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - networking.k8s.io resources: - - leases + - ingresses verbs: - create - delete @@ -52552,129 +48079,39 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - L5oVQe9mXi: Ha5na1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZRaS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - j: Wmsdb - uS: h6Fj - name: 79ioSjMT8KG - namespace: default -rules: - apiGroups: - - "" + - policy resources: - - persistentvolumeclaims - - pods + - poddisruptionbudgets verbs: + - create - delete - get - list + - patch + - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - L5oVQe9mXi: Ha5na1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZRaS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - j: Wmsdb - uS: h6Fj - name: 79ioSjMT8KG-rpk-bundle - namespace: default -rules: - apiGroups: - - "" + - rbac.authorization.k8s.io resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - L5oVQe9mXi: Ha5na1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZRaS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - j: Wmsdb - uS: h6Fj - name: 79ioSjMT8KG-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 79ioSjMT8KG-election-role -subjects: -- kind: ServiceAccount - name: 79ioSjMT8KG - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - L5oVQe9mXi: Ha5na1 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ZRaS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - j: Wmsdb - uS: h6Fj - name: 79ioSjMT8KG - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 79ioSjMT8KG -subjects: -- kind: ServiceAccount - name: 79ioSjMT8KG - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: L5oVQe9mXi: Ha5na1 @@ -52685,12 +48122,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 j: Wmsdb uS: h6Fj - name: 79ioSjMT8KG-rpk-bundle - namespace: default + name: 79ioSjMT8KG-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 79ioSjMT8KG-rpk-bundle + kind: ClusterRole + name: 79ioSjMT8KG-default subjects: - kind: ServiceAccount name: 79ioSjMT8KG @@ -52960,6 +48396,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=7mzP0 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -53241,7 +48678,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wig: gAae - name: 41nucs5-metrics-reader + name: 41nucs5-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -53280,22 +48717,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -53307,39 +48748,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -53349,11 +48818,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -53367,11 +48843,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -53382,9 +48881,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -53394,34 +48893,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -53431,59 +48950,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - nfk: A5hC - creationTimestamp: null - labels: - aWCYcSH: IIt47c1D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ibdE3 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wig: gAae - name: 41nucs5-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 41nucs5-default -subjects: -- kind: ServiceAccount - name: v1W - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: nfk: A5hC @@ -53496,135 +49004,154 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wig: gAae - name: 41nucs5-election-role - namespace: default + name: 41nucs5-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - nfk: A5hC - creationTimestamp: null - labels: - aWCYcSH: IIt47c1D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ibdE3 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wig: gAae - name: 41nucs5 - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - nfk: A5hC - creationTimestamp: null - labels: - aWCYcSH: IIt47c1D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ibdE3 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wig: gAae - name: 41nucs5-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - nfk: A5hC - creationTimestamp: null - labels: - aWCYcSH: IIt47c1D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ibdE3 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - wig: gAae - name: 41nucs5-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 41nucs5-election-role -subjects: -- kind: ServiceAccount - name: v1W - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: nfk: A5hC @@ -53637,12 +49164,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wig: gAae - name: 41nucs5 - namespace: default + name: 41nucs5-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 41nucs5 + kind: ClusterRole + name: 41nucs5-default subjects: - kind: ServiceAccount name: v1W @@ -53650,7 +49176,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: nfk: A5hC @@ -53663,12 +49189,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 wig: gAae - name: 41nucs5-rpk-bundle - namespace: default + name: 41nucs5-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 41nucs5-rpk-bundle + kind: ClusterRole + name: 41nucs5-additional-controllers-default subjects: - kind: ServiceAccount name: v1W @@ -53848,6 +49373,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=6i5 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -54187,7 +49713,7 @@ metadata: app.kubernetes.io/name: Kcp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu-metrics-reader + name: xtpIQu-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -54226,22 +49752,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -54253,39 +49783,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -54295,11 +49853,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -54313,11 +49878,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -54328,9 +49916,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -54340,34 +49928,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -54377,59 +49985,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - HvdUM8c: xgMVqIkmZB - Sy: 53p2w - Zxp7: CdyC - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Kcp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: xtpIQu-default -subjects: -- kind: ServiceAccount - name: Ev1EfK - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: HvdUM8c: xgMVqIkmZB @@ -54442,135 +50039,154 @@ metadata: app.kubernetes.io/name: Kcp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu-election-role - namespace: default + name: xtpIQu-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - HvdUM8c: xgMVqIkmZB - Sy: 53p2w - Zxp7: CdyC - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Kcp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - HvdUM8c: xgMVqIkmZB - Sy: 53p2w - Zxp7: CdyC - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Kcp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - HvdUM8c: xgMVqIkmZB - Sy: 53p2w - Zxp7: CdyC - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Kcp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: xtpIQu-election-role -subjects: -- kind: ServiceAccount - name: Ev1EfK - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: HvdUM8c: xgMVqIkmZB @@ -54583,12 +50199,11 @@ metadata: app.kubernetes.io/name: Kcp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu - namespace: default + name: xtpIQu-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: xtpIQu + kind: ClusterRole + name: xtpIQu-default subjects: - kind: ServiceAccount name: Ev1EfK @@ -54596,7 +50211,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: HvdUM8c: xgMVqIkmZB @@ -54609,12 +50224,11 @@ metadata: app.kubernetes.io/name: Kcp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: xtpIQu-rpk-bundle - namespace: default + name: xtpIQu-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: xtpIQu-rpk-bundle + kind: ClusterRole + name: xtpIQu-additional-controllers-default subjects: - kind: ServiceAccount name: Ev1EfK @@ -54767,6 +50381,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=irlLOaCak6uG - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -55262,6 +50877,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=x4gaS - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -55796,6 +51412,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=LwcaR - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -56073,7 +51690,7 @@ metadata: app.kubernetes.io/name: axjCvWi app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: PxBN-metrics-reader + name: PxBN-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -56110,22 +51727,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -56137,39 +51758,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -56179,11 +51828,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -56197,11 +51853,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -56212,9 +51891,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -56224,34 +51903,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -56261,57 +51960,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - "": knwqEfPVTu - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: axjCvWi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: PxBN-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: PxBN-default -subjects: -- kind: ServiceAccount - name: hqG9jAF - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: "": knwqEfPVTu @@ -56322,129 +52012,154 @@ metadata: app.kubernetes.io/name: axjCvWi app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: PxBN-election-role - namespace: default + name: PxBN-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": knwqEfPVTu - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: axjCvWi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: PxBN - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - "": knwqEfPVTu - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: axjCvWi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: PxBN-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - "": knwqEfPVTu - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: axjCvWi - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: PxBN-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: PxBN-election-role -subjects: -- kind: ServiceAccount - name: hqG9jAF - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: "": knwqEfPVTu @@ -56455,12 +52170,11 @@ metadata: app.kubernetes.io/name: axjCvWi app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: PxBN - namespace: default + name: PxBN-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: PxBN + kind: ClusterRole + name: PxBN-default subjects: - kind: ServiceAccount name: hqG9jAF @@ -56468,7 +52182,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: "": knwqEfPVTu @@ -56479,12 +52193,11 @@ metadata: app.kubernetes.io/name: axjCvWi app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: PxBN-rpk-bundle - namespace: default + name: PxBN-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: PxBN-rpk-bundle + kind: ClusterRole + name: PxBN-additional-controllers-default subjects: - kind: ServiceAccount name: hqG9jAF @@ -56743,6 +52456,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=tI - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -57351,6 +53065,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=4J4TVSNI8I - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -57978,6 +53693,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=CpVihaT - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -58314,7 +54030,7 @@ metadata: app.kubernetes.io/name: nUS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ-metrics-reader + name: m7Z5VmKktJ-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -58351,22 +54067,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -58378,39 +54098,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -58420,11 +54168,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -58438,11 +54193,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -58453,9 +54231,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -58465,34 +54243,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -58502,34 +54300,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -58540,154 +54352,156 @@ metadata: app.kubernetes.io/name: nUS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: m7Z5VmKktJ-default -subjects: -- kind: ServiceAccount - name: 8QmVHY8X - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - Pu8: aQVSuDE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nUS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ-election-role - namespace: default + name: m7Z5VmKktJ-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - Pu8: aQVSuDE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nUS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - Pu8: aQVSuDE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nUS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - Pu8: aQVSuDE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nUS - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: m7Z5VmKktJ-election-role -subjects: -- kind: ServiceAccount - name: 8QmVHY8X - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: Pu8: aQVSuDE @@ -58696,12 +54510,11 @@ metadata: app.kubernetes.io/name: nUS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ - namespace: default + name: m7Z5VmKktJ-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: m7Z5VmKktJ + kind: ClusterRole + name: m7Z5VmKktJ-default subjects: - kind: ServiceAccount name: 8QmVHY8X @@ -58709,9 +54522,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: Pu8: aQVSuDE @@ -58720,12 +54533,11 @@ metadata: app.kubernetes.io/name: nUS app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: m7Z5VmKktJ-rpk-bundle - namespace: default + name: m7Z5VmKktJ-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: m7Z5VmKktJ-rpk-bundle + kind: ClusterRole + name: m7Z5VmKktJ-additional-controllers-default subjects: - kind: ServiceAccount name: 8QmVHY8X @@ -59159,6 +54971,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=Kp - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -59572,7 +55385,7 @@ metadata: app.kubernetes.io/name: Eg0Oz app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OyOZvn5WT-metrics-reader + name: OyOZvn5WT-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -59613,22 +55426,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -59640,39 +55457,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -59682,11 +55527,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -59700,11 +55552,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -59715,9 +55590,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -59727,34 +55602,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -59764,61 +55659,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - E4i6xcvJ: ZJEz - yeHnwQ: fUkYaRf - creationTimestamp: null - labels: - 6uv1egE: IzPSkvDQ - C9l: git - E5l: BF8ozbb - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Eg0Oz - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: OyOZvn5WT-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: OyOZvn5WT-default -subjects: -- kind: ServiceAccount - name: BI7X - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: E4i6xcvJ: ZJEz @@ -59833,61 +55715,140 @@ metadata: app.kubernetes.io/name: Eg0Oz app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OyOZvn5WT-election-role - namespace: default + name: OyOZvn5WT-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - E4i6xcvJ: ZJEz - yeHnwQ: fUkYaRf - creationTimestamp: null - labels: - 6uv1egE: IzPSkvDQ - C9l: git - E5l: BF8ozbb - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Eg0Oz - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: OyOZvn5WT - namespace: default -rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -59901,7 +55862,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: E4i6xcvJ: ZJEz @@ -59916,12 +55877,11 @@ metadata: app.kubernetes.io/name: Eg0Oz app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OyOZvn5WT-election-role - namespace: default + name: OyOZvn5WT-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: OyOZvn5WT-election-role + kind: ClusterRole + name: OyOZvn5WT-default subjects: - kind: ServiceAccount name: BI7X @@ -59929,7 +55889,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: E4i6xcvJ: ZJEz @@ -59944,12 +55904,11 @@ metadata: app.kubernetes.io/name: Eg0Oz app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OyOZvn5WT - namespace: default + name: OyOZvn5WT-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: OyOZvn5WT + kind: ClusterRole + name: OyOZvn5WT-additional-controllers-default subjects: - kind: ServiceAccount name: BI7X @@ -60280,6 +56239,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=VNcVbeobGuK - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -61088,6 +57048,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=OdA - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -61836,6 +57797,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=dtDojkH - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -62564,6 +58526,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=51BriCol - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -62951,7 +58914,7 @@ metadata: app.kubernetes.io/name: 8ZgI1VH app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO-metrics-reader + name: Hjo9sbxO-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -62988,22 +58951,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -63015,39 +58982,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -63057,11 +59052,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -63075,11 +59077,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -63090,9 +59115,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -63102,34 +59127,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -63139,57 +59184,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - qA: WyamBB - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8ZgI1VH - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Hjo9sbxO-default -subjects: -- kind: ServiceAccount - name: "567" - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: qA: WyamBB @@ -63200,129 +59236,154 @@ metadata: app.kubernetes.io/name: 8ZgI1VH app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO-election-role - namespace: default + name: Hjo9sbxO-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - qA: WyamBB - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8ZgI1VH - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - qA: WyamBB - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8ZgI1VH - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - qA: WyamBB - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: 8ZgI1VH - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Hjo9sbxO-election-role -subjects: -- kind: ServiceAccount - name: "567" - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: qA: WyamBB @@ -63333,12 +59394,11 @@ metadata: app.kubernetes.io/name: 8ZgI1VH app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO - namespace: default + name: Hjo9sbxO-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Hjo9sbxO + kind: ClusterRole + name: Hjo9sbxO-default subjects: - kind: ServiceAccount name: "567" @@ -63346,7 +59406,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: qA: WyamBB @@ -63357,12 +59417,11 @@ metadata: app.kubernetes.io/name: 8ZgI1VH app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Hjo9sbxO-rpk-bundle - namespace: default + name: Hjo9sbxO-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Hjo9sbxO-rpk-bundle + kind: ClusterRole + name: Hjo9sbxO-additional-controllers-default subjects: - kind: ServiceAccount name: "567" @@ -63617,6 +59676,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=HTKj8qv - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -64019,7 +60079,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 ib: 8cz mKZJ: qFJ - name: 8K2N-metrics-reader + name: 8K2N-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -64059,22 +60119,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -64086,39 +60150,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -64128,11 +60220,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -64146,11 +60245,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -64161,9 +60283,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -64173,34 +60295,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -64210,60 +60352,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Ou: tUUeg100 - QOCh: CAl - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: an - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ib: 8cz - mKZJ: qFJ - name: 8K2N-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 8K2N-default -subjects: -- kind: ServiceAccount - name: YP12Q - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: Ou: tUUeg100 @@ -64277,60 +60407,140 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 ib: 8cz mKZJ: qFJ - name: 8K2N-election-role - namespace: default + name: 8K2N-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Ou: tUUeg100 - QOCh: CAl - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: an - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - ib: 8cz - mKZJ: qFJ - name: 8K2N - namespace: default -rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -64344,7 +60554,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Ou: tUUeg100 @@ -64358,12 +60568,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 ib: 8cz mKZJ: qFJ - name: 8K2N-election-role - namespace: default + name: 8K2N-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 8K2N-election-role + kind: ClusterRole + name: 8K2N-default subjects: - kind: ServiceAccount name: YP12Q @@ -64371,7 +60580,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Ou: tUUeg100 @@ -64385,12 +60594,11 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 ib: 8cz mKZJ: qFJ - name: 8K2N - namespace: default + name: 8K2N-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 8K2N + kind: ClusterRole + name: 8K2N-additional-controllers-default subjects: - kind: ServiceAccount name: YP12Q @@ -64942,6 +61150,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=VC4 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -65288,7 +61497,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 mNkAknTCpbj0: NCMcS - name: RQkbO-metrics-reader + name: RQkbO-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -65327,22 +61536,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -65354,39 +61567,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -65396,11 +61637,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -65414,11 +61662,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -65429,9 +61700,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -65441,34 +61712,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -65478,34 +61769,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -65518,84 +61823,140 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 mNkAknTCpbj0: NCMcS - name: RQkbO-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: RQkbO-default -subjects: -- kind: ServiceAccount - name: gFdSAMIO - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "": sxTGebP3lQ - OQ: osmjf - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MxF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mNkAknTCpbj0: NCMcS - name: RQkbO-election-role - namespace: default + name: RQkbO-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - "": sxTGebP3lQ - OQ: osmjf - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MxF - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - mNkAknTCpbj0: NCMcS - name: RQkbO - namespace: default -rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch - apiGroups: - "" resources: @@ -65609,9 +61970,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "": sxTGebP3lQ @@ -65622,12 +61983,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 mNkAknTCpbj0: NCMcS - name: RQkbO-election-role - namespace: default + name: RQkbO-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: RQkbO-election-role + kind: ClusterRole + name: RQkbO-default subjects: - kind: ServiceAccount name: gFdSAMIO @@ -65635,9 +61995,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: "": sxTGebP3lQ @@ -65648,12 +62008,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 mNkAknTCpbj0: NCMcS - name: RQkbO - namespace: default + name: RQkbO-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: RQkbO + kind: ClusterRole + name: RQkbO-additional-controllers-default subjects: - kind: ServiceAccount name: gFdSAMIO @@ -66061,6 +62420,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level= - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -66411,7 +62771,7 @@ metadata: app.kubernetes.io/name: vYy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97-metrics-reader + name: 2rNNJQv8k5j97-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -66449,22 +62809,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -66476,39 +62840,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -66518,11 +62910,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -66536,11 +62935,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -66551,9 +62973,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -66563,34 +62985,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -66600,58 +63042,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - T5I7K: mjLC - pKSYI: IDK - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: vYy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 2rNNJQv8k5j97-default -subjects: -- kind: ServiceAccount - name: K - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: annotations: T5I7K: mjLC @@ -66663,132 +63095,154 @@ metadata: app.kubernetes.io/name: vYy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97-election-role - namespace: default + name: 2rNNJQv8k5j97-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - T5I7K: mjLC - pKSYI: IDK - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: vYy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97 - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - T5I7K: mjLC - pKSYI: IDK - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: vYy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - T5I7K: mjLC - pKSYI: IDK - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: vYy9 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2rNNJQv8k5j97-election-role -subjects: -- kind: ServiceAccount - name: K - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: T5I7K: mjLC @@ -66800,12 +63254,11 @@ metadata: app.kubernetes.io/name: vYy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97 - namespace: default + name: 2rNNJQv8k5j97-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2rNNJQv8k5j97 + kind: ClusterRole + name: 2rNNJQv8k5j97-default subjects: - kind: ServiceAccount name: K @@ -66813,7 +63266,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: T5I7K: mjLC @@ -66825,12 +63278,11 @@ metadata: app.kubernetes.io/name: vYy9 app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 2rNNJQv8k5j97-rpk-bundle - namespace: default + name: 2rNNJQv8k5j97-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 2rNNJQv8k5j97-rpk-bundle + kind: ClusterRole + name: 2rNNJQv8k5j97-additional-controllers-default subjects: - kind: ServiceAccount name: K @@ -67198,6 +63650,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=XrGv - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -67927,6 +64380,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=o7 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -68335,7 +64789,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 zWv: hIfkuex2B - name: xxjYziP-metrics-reader + name: xxjYziP-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -68376,22 +64830,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -68403,39 +64861,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -68445,30 +64931,23 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update - apiGroups: - apps resources: - - deployments - - statefulsets + - controllerrevisions verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - apps resources: - - certificates - - clusterissuers - - issuers + - deployments + - statefulsets verbs: - create - delete @@ -68478,9 +64957,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - autoscaling resources: - - ingresses + - horizontalpodautoscalers verbs: - create - delete @@ -68490,9 +64969,9 @@ rules: - update - watch - apiGroups: - - policy + - batch resources: - - poddisruptionbudgets + - jobs verbs: - create - delete @@ -68502,22 +64981,22 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - cert-manager.io resources: - - clusterrolebindings - - clusterroles + - certificates + - issuers verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters - - consoles + - redpandas verbs: - create - delete @@ -68527,82 +65006,54 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/finalizers - - consoles/finalizers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get - patch - update - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/status - - consoles/status + - schemas + - topics + - users verbs: - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - coordination.k8s.io resources: - - priorityclasses + - leases verbs: + - create + - delete - get - list + - patch + - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - Pb9Oh: F3QHWxK - puaMG: "2" - creationTimestamp: null - labels: - JHXVQsYdx4WC: KFytXl - UN: h - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ovez - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - zWv: hIfkuex2B - name: xxjYziP-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: xxjYziP-default -subjects: -- kind: ServiceAccount - name: Wx - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Pb9Oh: F3QHWxK - puaMG: "2" - creationTimestamp: null - labels: - JHXVQsYdx4WC: KFytXl - UN: h - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ovez - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - zWv: hIfkuex2B - name: xxjYziP-election-role - namespace: default -rules: - apiGroups: - - "" + - monitoring.coreos.com resources: - - configmaps + - podmonitors + - servicemonitors verbs: - create - delete @@ -68612,16 +65063,21 @@ rules: - update - watch - apiGroups: - - "" + - networking.k8s.io resources: - - events + - ingresses verbs: - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - policy resources: - - leases + - poddisruptionbudgets verbs: - create - delete @@ -68630,69 +65086,25 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Pb9Oh: F3QHWxK - puaMG: "2" - creationTimestamp: null - labels: - JHXVQsYdx4WC: KFytXl - UN: h - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ovez - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - zWv: hIfkuex2B - name: xxjYziP - namespace: default -rules: - apiGroups: - - "" + - rbac.authorization.k8s.io resources: - - persistentvolumeclaims - - pods + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Pb9Oh: F3QHWxK - puaMG: "2" - creationTimestamp: null - labels: - JHXVQsYdx4WC: KFytXl - UN: h - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ovez - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - zWv: hIfkuex2B - name: xxjYziP-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: xxjYziP-election-role -subjects: -- kind: ServiceAccount - name: Wx - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: Pb9Oh: F3QHWxK @@ -68707,12 +65119,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 zWv: hIfkuex2B - name: xxjYziP - namespace: default + name: xxjYziP-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: xxjYziP + kind: ClusterRole + name: xxjYziP-default subjects: - kind: ServiceAccount name: Wx @@ -69007,6 +65418,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=I - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -69460,7 +65872,7 @@ metadata: app.kubernetes.io/name: zsU8D app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OZHCbAk-metrics-reader + name: OZHCbAk-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -69499,22 +65911,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -69526,39 +65942,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -69568,11 +66012,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -69586,11 +66037,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -69600,6 +66074,75 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -69629,101 +66172,126 @@ rules: resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create + - delete - get - list - patch - update - watch +--- +# Source: operator/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + NFFw: qCc3rOA + gKTYp: Zd2R + jKQQEfT: FduvIJJ + creationTimestamp: null + labels: + app.kubernetes.io/instance: operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: zsU8D + app.kubernetes.io/version: v25.1.1-beta3 + helm.sh/chart: operator-25.1.1-beta3 + name: OZHCbAk-additional-controllers-default +rules: - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters - - consoles + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters/finalizers - - consoles/finalizers + - pods + - secrets verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list - patch - update - apiGroups: - - redpanda.vectorized.io + - cluster.redpanda.com resources: - - clusters/status - - consoles/status + - redpandas verbs: - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list - patch - update - apiGroups: - - scheduling.k8s.io + - "" resources: - - priorityclasses + - configmaps + - pods + - secrets verbs: - get - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - NFFw: qCc3rOA - gKTYp: Zd2R - jKQQEfT: FduvIJJ - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zsU8D - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: OZHCbAk-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: OZHCbAk-default -subjects: -- kind: ServiceAccount - name: 7ZTjb - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - NFFw: qCc3rOA - gKTYp: Zd2R - jKQQEfT: FduvIJJ - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zsU8D - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: OZHCbAk-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims verbs: - - create - delete - get - list @@ -69733,41 +66301,37 @@ rules: - apiGroups: - "" resources: - - events + - persistentvolumes verbs: - - create + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - - delete - get - list - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - NFFw: qCc3rOA - gKTYp: Zd2R - jKQQEfT: FduvIJJ - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: zsU8D - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: OZHCbAk - namespace: default -rules: - apiGroups: - "" resources: @@ -69781,7 +66345,7 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: NFFw: qCc3rOA @@ -69794,12 +66358,11 @@ metadata: app.kubernetes.io/name: zsU8D app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OZHCbAk-election-role - namespace: default + name: OZHCbAk-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: OZHCbAk-election-role + kind: ClusterRole + name: OZHCbAk-default subjects: - kind: ServiceAccount name: 7ZTjb @@ -69807,7 +66370,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: NFFw: qCc3rOA @@ -69820,12 +66383,11 @@ metadata: app.kubernetes.io/name: zsU8D app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: OZHCbAk - namespace: default + name: OZHCbAk-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: OZHCbAk + kind: ClusterRole + name: OZHCbAk-additional-controllers-default subjects: - kind: ServiceAccount name: 7ZTjb @@ -70201,6 +66763,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=fhg - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -70796,6 +67359,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=E3A4 - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -71173,7 +67737,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 dRuotY: sUV helm.sh/chart: operator-25.1.1-beta3 - name: twuYH9-metrics-reader + name: twuYH9-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -71211,22 +67775,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -71238,39 +67806,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -71280,11 +67876,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -71298,11 +67901,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -71313,9 +67939,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -71325,34 +67951,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -71362,29 +68008,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -71412,133 +68072,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - wqUHiDS: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: AD - app.kubernetes.io/version: v25.1.1-beta3 - dRuotY: sUV - helm.sh/chart: operator-25.1.1-beta3 - name: twuYH9-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - wqUHiDS: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: AD - app.kubernetes.io/version: v25.1.1-beta3 - dRuotY: sUV - helm.sh/chart: operator-25.1.1-beta3 - name: twuYH9 - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - wqUHiDS: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: AD - app.kubernetes.io/version: v25.1.1-beta3 - dRuotY: sUV - helm.sh/chart: operator-25.1.1-beta3 - name: twuYH9-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: twuYH9-election-role -subjects: -- kind: ServiceAccount - name: 53ObZL18D - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - wqUHiDS: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: AD - app.kubernetes.io/version: v25.1.1-beta3 - dRuotY: sUV - helm.sh/chart: operator-25.1.1-beta3 - name: twuYH9 - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: twuYH9 -subjects: -- kind: ServiceAccount - name: 53ObZL18D - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -71918,6 +68451,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=p7w - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -72331,7 +68865,7 @@ metadata: app.kubernetes.io/name: MOjCBp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn-metrics-reader + name: Sb2hWn-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -72368,22 +68902,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -72395,39 +68933,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -72437,11 +69003,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -72455,11 +69028,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -72469,6 +69065,75 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -72498,213 +69163,180 @@ rules: resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create + - delete - get - list - patch - update - watch +--- +# Source: operator/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + creationTimestamp: null + labels: + Jacfyrff: CPx2 + app.kubernetes.io/instance: operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: MOjCBp + app.kubernetes.io/version: v25.1.1-beta3 + helm.sh/chart: operator-25.1.1-beta3 + name: Sb2hWn-additional-controllers-default +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters - - consoles + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters/finalizers - - consoles/finalizers + - pods + - secrets verbs: - - patch - - update + - get + - list + - watch - apiGroups: - - redpanda.vectorized.io + - apps resources: - - clusters/status - - consoles/status + - statefulsets verbs: - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list - patch - update - apiGroups: - - scheduling.k8s.io + - cluster.redpanda.com resources: - - priorityclasses + - redpandas verbs: - get - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - Jacfyrff: CPx2 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MOjCBp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Sb2hWn-default -subjects: -- kind: ServiceAccount - name: g - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - Jacfyrff: CPx2 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MOjCBp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - Jacfyrff: CPx2 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MOjCBp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn - namespace: default -rules: +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - Jacfyrff: CPx2 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MOjCBp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - Jacfyrff: CPx2 - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MOjCBp - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Sb2hWn-election-role -subjects: -- kind: ServiceAccount - name: g - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: Jacfyrff: CPx2 @@ -72713,12 +69345,11 @@ metadata: app.kubernetes.io/name: MOjCBp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn - namespace: default + name: Sb2hWn-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Sb2hWn + kind: ClusterRole + name: Sb2hWn-default subjects: - kind: ServiceAccount name: g @@ -72726,9 +69357,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: Jacfyrff: CPx2 @@ -72737,12 +69368,11 @@ metadata: app.kubernetes.io/name: MOjCBp app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: Sb2hWn-rpk-bundle - namespace: default + name: Sb2hWn-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Sb2hWn-rpk-bundle + kind: ClusterRole + name: Sb2hWn-additional-controllers-default subjects: - kind: ServiceAccount name: g @@ -73158,6 +69788,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=grDHZkPyKot - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -73507,7 +70138,7 @@ metadata: app.kubernetes.io/name: B app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-B-metrics-reader + name: operator-B-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -73544,22 +70175,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -73571,39 +70206,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -73613,11 +70276,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -73631,11 +70301,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -73646,9 +70339,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -73658,34 +70351,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -73695,29 +70408,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -73744,129 +70471,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - pZTJ: OgaeCRx - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: B - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-B-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - pZTJ: OgaeCRx - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: B - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-B - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - pZTJ: OgaeCRx - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: B - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-B-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-B-election-role -subjects: -- kind: ServiceAccount - name: je1S - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - pZTJ: OgaeCRx - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: B - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-B - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-B -subjects: -- kind: ServiceAccount - name: je1S - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -74198,6 +70802,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=Yd - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -74901,6 +71506,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=Ufou7z - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -75252,7 +71858,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 q93: ONPg3F rZBEA7mOLYT: iFtHtFH - name: nJ-metrics-reader + name: nJ-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -75291,22 +71897,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -75318,39 +71928,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -75360,11 +71998,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -75378,11 +72023,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -75393,9 +72061,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -75405,34 +72073,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -75442,29 +72130,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -75493,199 +72195,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - XFSHB: ot7Wo - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: o2 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - q93: ONPg3F - rZBEA7mOLYT: iFtHtFH - name: nJ-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - XFSHB: ot7Wo - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: o2 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - q93: ONPg3F - rZBEA7mOLYT: iFtHtFH - name: nJ - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - XFSHB: ot7Wo - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: o2 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - q93: ONPg3F - rZBEA7mOLYT: iFtHtFH - name: nJ-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - XFSHB: ot7Wo - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: o2 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - q93: ONPg3F - rZBEA7mOLYT: iFtHtFH - name: nJ-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nJ-election-role -subjects: -- kind: ServiceAccount - name: xOqjN - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - XFSHB: ot7Wo - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: o2 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - q93: ONPg3F - rZBEA7mOLYT: iFtHtFH - name: nJ - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nJ -subjects: -- kind: ServiceAccount - name: xOqjN - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - XFSHB: ot7Wo - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: o2 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - q93: ONPg3F - rZBEA7mOLYT: iFtHtFH - name: nJ-rpk-bundle - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nJ-rpk-bundle -subjects: -- kind: ServiceAccount - name: xOqjN - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -76000,6 +72509,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=pB9UJO8ZqB - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -76340,7 +72850,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 jHlVD3i0I: Hfqg8dMgdc - name: cCP-metrics-reader + name: cCP-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -76381,22 +72891,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -76408,39 +72922,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -76450,11 +72992,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -76468,11 +73017,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -76483,9 +73055,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -76495,34 +73067,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -76532,29 +73124,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -76585,145 +73191,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - G: g1H20bqs - GIyHjLLo: "" - OV: QDDDF - creationTimestamp: null - labels: - 1S48I: gbO1FYE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: WqmcFb - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jHlVD3i0I: Hfqg8dMgdc - name: cCP-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - G: g1H20bqs - GIyHjLLo: "" - OV: QDDDF - creationTimestamp: null - labels: - 1S48I: gbO1FYE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: WqmcFb - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jHlVD3i0I: Hfqg8dMgdc - name: cCP - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - G: g1H20bqs - GIyHjLLo: "" - OV: QDDDF - creationTimestamp: null - labels: - 1S48I: gbO1FYE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: WqmcFb - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jHlVD3i0I: Hfqg8dMgdc - name: cCP-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cCP-election-role -subjects: -- kind: ServiceAccount - name: akO9K6 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - G: g1H20bqs - GIyHjLLo: "" - OV: QDDDF - creationTimestamp: null - labels: - 1S48I: gbO1FYE - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: WqmcFb - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - jHlVD3i0I: Hfqg8dMgdc - name: cCP - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cCP -subjects: -- kind: ServiceAccount - name: akO9K6 - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -77202,6 +73669,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=tYc - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -77918,6 +74386,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=AKFy - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -78341,7 +74810,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 nI2ZSs: 4AI8h - name: Wo-metrics-reader + name: Wo-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -78380,22 +74849,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -78407,39 +74880,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -78449,11 +74950,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -78467,11 +74975,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -78481,6 +75012,75 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -78510,221 +75110,180 @@ rules: resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create + - delete - get - list - patch - update - watch +--- +# Source: operator/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + 2Kv4rY7: ihBdOLL + creationTimestamp: null + labels: + DZeu: yUBayuz + app.kubernetes.io/instance: operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: L07 + app.kubernetes.io/version: v25.1.1-beta3 + helm.sh/chart: operator-25.1.1-beta3 + nI2ZSs: 4AI8h + name: Wo-additional-controllers-default +rules: - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters - - consoles + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters/finalizers - - consoles/finalizers + - pods + - secrets verbs: - - patch - - update + - get + - list + - watch - apiGroups: - - redpanda.vectorized.io + - apps resources: - - clusters/status - - consoles/status + - statefulsets verbs: - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list - patch - update - apiGroups: - - scheduling.k8s.io + - cluster.redpanda.com resources: - - priorityclasses + - redpandas verbs: - get - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - 2Kv4rY7: ihBdOLL - creationTimestamp: null - labels: - DZeu: yUBayuz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: L07 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - nI2ZSs: 4AI8h - name: Wo-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: Wo-default -subjects: -- kind: ServiceAccount - name: drBf - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 2Kv4rY7: ihBdOLL - creationTimestamp: null - labels: - DZeu: yUBayuz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: L07 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - nI2ZSs: 4AI8h - name: Wo-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 2Kv4rY7: ihBdOLL - creationTimestamp: null - labels: - DZeu: yUBayuz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: L07 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - nI2ZSs: 4AI8h - name: Wo - namespace: default -rules: +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - 2Kv4rY7: ihBdOLL - creationTimestamp: null - labels: - DZeu: yUBayuz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: L07 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - nI2ZSs: 4AI8h - name: Wo-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - 2Kv4rY7: ihBdOLL - creationTimestamp: null - labels: - DZeu: yUBayuz - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: L07 - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - nI2ZSs: 4AI8h - name: Wo-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: Wo-election-role -subjects: -- kind: ServiceAccount - name: drBf - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 2Kv4rY7: ihBdOLL @@ -78737,12 +75296,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 nI2ZSs: 4AI8h - name: Wo - namespace: default + name: Wo-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Wo + kind: ClusterRole + name: Wo-default subjects: - kind: ServiceAccount name: drBf @@ -78750,7 +75308,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: 2Kv4rY7: ihBdOLL @@ -78763,12 +75321,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 nI2ZSs: 4AI8h - name: Wo-rpk-bundle - namespace: default + name: Wo-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: Wo-rpk-bundle + kind: ClusterRole + name: Wo-additional-controllers-default subjects: - kind: ServiceAccount name: drBf @@ -79062,6 +75619,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=PcP - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -79507,7 +76065,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 t: W wH2b: "" - name: w-metrics-reader + name: w-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -79548,22 +76106,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -79575,39 +76137,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -79617,11 +76207,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -79635,11 +76232,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -79650,9 +76270,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -79662,34 +76282,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -79699,29 +76339,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -79752,145 +76406,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Y6pF: 16c - qjH: CdtB5 - sseemE: EObsGst - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MK - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - t: W - wH2b: "" - name: w-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - Y6pF: 16c - qjH: CdtB5 - sseemE: EObsGst - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MK - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - t: W - wH2b: "" - name: w - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Y6pF: 16c - qjH: CdtB5 - sseemE: EObsGst - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MK - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - t: W - wH2b: "" - name: w-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: w-election-role -subjects: -- kind: ServiceAccount - name: 7QeW - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - Y6pF: 16c - qjH: CdtB5 - sseemE: EObsGst - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MK - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - t: W - wH2b: "" - name: w - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: w -subjects: -- kind: ServiceAccount - name: 7QeW - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -80301,6 +76816,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=s63h - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -81104,6 +77620,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=qZr - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -81522,7 +78039,7 @@ metadata: app.kubernetes.io/name: Tlv app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6-metrics-reader + name: KXsg6-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -81559,22 +78076,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -81586,39 +78107,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -81628,11 +78177,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -81646,11 +78202,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -81661,9 +78240,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -81673,34 +78252,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -81710,29 +78309,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -81759,187 +78372,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - C1ah: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Tlv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - C1ah: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Tlv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6 - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - C1ah: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Tlv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - C1ah: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Tlv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: KXsg6-election-role -subjects: -- kind: ServiceAccount - name: J2qRpt9 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - C1ah: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Tlv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6 - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: KXsg6 -subjects: -- kind: ServiceAccount - name: J2qRpt9 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - C1ah: "" - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: Tlv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: KXsg6-rpk-bundle - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: KXsg6-rpk-bundle -subjects: -- kind: ServiceAccount - name: J2qRpt9 - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -82245,6 +78677,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=hj - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -82645,7 +79078,7 @@ metadata: helm.sh/chart: operator-25.1.1-beta3 oLWSEoF: Ps5P uO6upU7K: lMwbJ - name: FCXrBjh-metrics-reader + name: FCXrBjh-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -82684,22 +79117,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -82711,39 +79148,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -82753,11 +79218,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -82771,11 +79243,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -82786,9 +79281,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -82798,34 +79293,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -82835,29 +79350,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -82886,137 +79415,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - p1R: fWL - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DjMfg - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oLWSEoF: Ps5P - uO6upU7K: lMwbJ - name: FCXrBjh-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - p1R: fWL - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DjMfg - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oLWSEoF: Ps5P - uO6upU7K: lMwbJ - name: FCXrBjh - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - p1R: fWL - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DjMfg - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oLWSEoF: Ps5P - uO6upU7K: lMwbJ - name: FCXrBjh-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: FCXrBjh-election-role -subjects: -- kind: ServiceAccount - name: 11c - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - p1R: fWL - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: DjMfg - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - oLWSEoF: Ps5P - uO6upU7K: lMwbJ - name: FCXrBjh - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: FCXrBjh -subjects: -- kind: ServiceAccount - name: 11c - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -83373,6 +79771,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=cU5MS1z - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -83725,7 +80124,7 @@ metadata: app.kubernetes.io/name: "Y" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 02-metrics-reader + name: 02-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -83762,22 +80161,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -83789,39 +80192,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -83831,11 +80262,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -83849,11 +80287,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -83863,6 +80324,75 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -83892,213 +80422,180 @@ rules: resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create + - delete - get - list - patch - update - watch +--- +# Source: operator/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + creationTimestamp: null + labels: + DQ: JM + app.kubernetes.io/instance: operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: "Y" + app.kubernetes.io/version: v25.1.1-beta3 + helm.sh/chart: operator-25.1.1-beta3 + name: 02-additional-controllers-default +rules: - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters - - consoles + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters/finalizers - - consoles/finalizers + - pods + - secrets verbs: - - patch - - update + - get + - list + - watch - apiGroups: - - redpanda.vectorized.io + - apps resources: - - clusters/status - - consoles/status + - statefulsets verbs: - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list - patch - update - apiGroups: - - scheduling.k8s.io + - cluster.redpanda.com resources: - - priorityclasses + - redpandas verbs: - get - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - DQ: JM - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "Y" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 02-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 02-default -subjects: -- kind: ServiceAccount - name: "" - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - DQ: JM - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "Y" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 02-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - DQ: JM - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "Y" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: "02" - namespace: default -rules: +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - DQ: JM - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "Y" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 02-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - DQ: JM - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "Y" - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: 02-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 02-election-role -subjects: -- kind: ServiceAccount - name: "" - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: DQ: JM @@ -84107,12 +80604,11 @@ metadata: app.kubernetes.io/name: "Y" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: "02" - namespace: default + name: 02-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: "02" + kind: ClusterRole + name: 02-default subjects: - kind: ServiceAccount name: "" @@ -84120,9 +80616,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: DQ: JM @@ -84131,12 +80627,11 @@ metadata: app.kubernetes.io/name: "Y" app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: 02-rpk-bundle - namespace: default + name: 02-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: 02-rpk-bundle + kind: ClusterRole + name: 02-additional-controllers-default subjects: - kind: ServiceAccount name: "" @@ -84518,6 +81013,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=sbpkgy - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -85190,6 +81686,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=TmP83vnBu - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -85568,7 +82065,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 dwmXsKZoxFp: TZf helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi-metrics-reader + name: KPhNK5uNi-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -85609,22 +82106,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -85636,39 +82137,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -85678,11 +82207,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -85696,11 +82232,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -85710,6 +82269,75 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -85739,231 +82367,182 @@ rules: resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create + - delete - get - list - patch - update - watch +--- +# Source: operator/templates/entry-point.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + GnXQ: mU + dEUN: 9jQ + eWh: j + creationTimestamp: null + labels: + 1DVgfA62: TO + app.kubernetes.io/instance: operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: MkL0HtR + app.kubernetes.io/version: v25.1.1-beta3 + dwmXsKZoxFp: TZf + helm.sh/chart: operator-25.1.1-beta3 + name: KPhNK5uNi-additional-controllers-default +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters - - consoles + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters/finalizers - - consoles/finalizers + - pods + - secrets verbs: - - patch - - update + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch - apiGroups: - - redpanda.vectorized.io + - "" resources: - - clusters/status - - consoles/status + - configmaps + - nodes + - secrets verbs: - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list - patch - update - apiGroups: - - scheduling.k8s.io + - cluster.redpanda.com resources: - - priorityclasses + - redpandas verbs: - get - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - GnXQ: mU - dEUN: 9jQ - eWh: j - creationTimestamp: null - labels: - 1DVgfA62: TO - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MkL0HtR - app.kubernetes.io/version: v25.1.1-beta3 - dwmXsKZoxFp: TZf - helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: KPhNK5uNi-default -subjects: -- kind: ServiceAccount - name: hOWRGjU5 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - GnXQ: mU - dEUN: 9jQ - eWh: j - creationTimestamp: null - labels: - 1DVgfA62: TO - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MkL0HtR - app.kubernetes.io/version: v25.1.1-beta3 - dwmXsKZoxFp: TZf - helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi-election-role - namespace: default -rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list - watch - apiGroups: - "" resources: - - events + - persistentvolumeclaims verbs: - - create + - delete + - get + - list - patch + - update + - watch - apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - GnXQ: mU - dEUN: 9jQ - eWh: j - creationTimestamp: null - labels: - 1DVgfA62: TO - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MkL0HtR - app.kubernetes.io/version: v25.1.1-beta3 - dwmXsKZoxFp: TZf - helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi - namespace: default -rules: +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - GnXQ: mU - dEUN: 9jQ - eWh: j - creationTimestamp: null - labels: - 1DVgfA62: TO - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MkL0HtR - app.kubernetes.io/version: v25.1.1-beta3 - dwmXsKZoxFp: TZf - helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - GnXQ: mU - dEUN: 9jQ - eWh: j - creationTimestamp: null - labels: - 1DVgfA62: TO - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: MkL0HtR - app.kubernetes.io/version: v25.1.1-beta3 - dwmXsKZoxFp: TZf - helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: KPhNK5uNi-election-role -subjects: -- kind: ServiceAccount - name: hOWRGjU5 - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: GnXQ: mU @@ -85978,12 +82557,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 dwmXsKZoxFp: TZf helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi - namespace: default + name: KPhNK5uNi-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: KPhNK5uNi + kind: ClusterRole + name: KPhNK5uNi-default subjects: - kind: ServiceAccount name: hOWRGjU5 @@ -85991,7 +82569,7 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: annotations: GnXQ: mU @@ -86006,12 +82584,11 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 dwmXsKZoxFp: TZf helm.sh/chart: operator-25.1.1-beta3 - name: KPhNK5uNi-rpk-bundle - namespace: default + name: KPhNK5uNi-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: KPhNK5uNi-rpk-bundle + kind: ClusterRole + name: KPhNK5uNi-additional-controllers-default subjects: - kind: ServiceAccount name: hOWRGjU5 @@ -86371,6 +82948,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=G6sQWEEyqb - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -87168,6 +83746,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=tqqBMvp3V - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -87555,7 +84134,7 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 rnKI: dxHr - name: 5U9oyj-metrics-reader + name: 5U9oyj-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -87594,22 +84173,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -87621,39 +84204,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -87663,11 +84274,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -87681,11 +84299,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -87696,9 +84337,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -87708,34 +84349,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -87745,29 +84406,43 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml @@ -87796,137 +84471,6 @@ subjects: namespace: default --- # Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - E3s: wWjO - OD7: D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RoJFv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - rnKI: dxHr - name: 5U9oyj-election-role - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - E3s: wWjO - OD7: D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RoJFv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - rnKI: dxHr - name: 5U9oyj - namespace: default -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - verbs: - - delete - - get - - list - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - E3s: wWjO - OD7: D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RoJFv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - rnKI: dxHr - name: 5U9oyj-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 5U9oyj-election-role -subjects: -- kind: ServiceAccount - name: vE4AZ - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - E3s: wWjO - OD7: D - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: RoJFv - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - rnKI: dxHr - name: 5U9oyj - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 5U9oyj -subjects: -- kind: ServiceAccount - name: vE4AZ - namespace: default ---- -# Source: operator/templates/entry-point.yaml apiVersion: v1 kind: Service metadata: @@ -88351,6 +84895,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=OIXyC - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -88758,7 +85303,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -88791,6 +85336,172 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cluster.redpanda.com resources: @@ -88836,10 +85547,9 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -88848,117 +85558,62 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - - "" + - monitoring.coreos.com resources: - - persistentvolumes + - podmonitors + - servicemonitors verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - - "" + - networking.k8s.io resources: - - persistentvolumes + - ingresses verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - policy resources: - - redpandas + - poddisruptionbudgets verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - - "" + - rbac.authorization.k8s.io resources: - - persistentvolumes + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -88969,42 +85624,13 @@ metadata: app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes verbs: - - create - - delete - - get - - list - patch - - update - - watch - apiGroups: - "" resources: @@ -89013,72 +85639,19 @@ rules: - create - patch - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: -- apiGroups: - - coordination.k8s.io + - "" resources: - - leases + - persistentvolumeclaims verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - configmaps - pods - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions verbs: - get - list @@ -89086,96 +85659,64 @@ rules: - apiGroups: - apps resources: - - deployments - statefulsets verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - batch + - "" resources: - - jobs + - configmaps + - nodes + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - "" resources: - - certificates - - issuers + - persistentvolumes verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - coordination.k8s.io + - cluster.redpanda.com resources: - - leases + - redpandas verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - monitoring.coreos.com + - "" resources: - - podmonitors - - servicemonitors + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - networking.k8s.io + - "" resources: - - ingresses + - configmaps + - pods + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - policy + - "" resources: - - poddisruptionbudgets + - persistentvolumeclaims verbs: - - create - delete - get - list @@ -89183,103 +85724,39 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - rolebindings - - roles + - persistentvolumes verbs: - - create - - delete - get - list - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - secrets - verbs: - - get - - list - - watch - apiGroups: - apps resources: - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims + - statefulsets/status verbs: - - delete - - get - - list - patch - update - apiGroups: - - "" + - cluster.redpanda.com resources: - - persistentvolumeclaims + - redpandas verbs: - - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list - - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - patch - - update + - watch - apiGroups: - "" resources: @@ -89293,88 +85770,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - limitranges - - persistentvolumeclaims - - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services - verbs: - - get - - list ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -89382,12 +85780,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -89395,9 +85792,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -89405,12 +85802,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -89475,9 +85871,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -89719,7 +86114,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -89753,9 +86148,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -89765,199 +86160,114 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - events verbs: - - update + - create + - patch - apiGroups: - - cluster.redpanda.com + - coordination.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - leases verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - persistentvolumes verbs: - get - list - patch - - update - watch - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterrolebindings - - clusterroles + - persistentvolumeclaims + - pods verbs: - - create - delete - get - list - - patch - - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - - patch + - get - apiGroups: - "" resources: - configmaps - - nodes - - secrets + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - get - list - - watch - apiGroups: - - "" + - coordination.k8s.io resources: - - persistentvolumes + - leases verbs: + - create - delete - get - list - patch - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - configmaps + - pods - secrets + - serviceaccounts + - services verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas + - controllerrevisions verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: -- apiGroups: - - "" + - apps resources: - - configmaps + - deployments + - statefulsets verbs: - create - delete @@ -89967,16 +86277,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io + - autoscaling resources: - - leases + - horizontalpodautoscalers verbs: - create - delete @@ -89985,26 +86288,10 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - - coordination.k8s.io + - batch resources: - - leases + - jobs verbs: - create - delete @@ -90014,13 +86301,10 @@ rules: - update - watch - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -90030,25 +86314,9 @@ rules: - update - watch - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps + - cluster.redpanda.com resources: - - deployments - - statefulsets + - redpandas verbs: - create - delete @@ -90058,37 +86326,32 @@ rules: - update - watch - apiGroups: - - autoscaling + - cluster.redpanda.com resources: - - horizontalpodautoscalers + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - batch + - cluster.redpanda.com resources: - - jobs + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - create - - delete - get - - list - patch - update - - watch - apiGroups: - - cert-manager.io + - cluster.redpanda.com resources: - - certificates - - issuers + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch @@ -90146,6 +86409,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -90159,9 +86424,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -90169,9 +86434,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -90205,6 +86475,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -90215,6 +86513,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -90229,10 +86537,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -90241,101 +86551,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -90343,12 +86591,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -90356,9 +86603,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -90366,12 +86613,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -90436,9 +86682,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -90698,7 +86943,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -90732,9 +86977,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -90744,42 +86989,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -90788,198 +87007,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: - apiGroups: - "" resources: - persistentvolumes verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -91073,6 +87142,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -91125,6 +87238,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -91138,9 +87253,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -91148,9 +87263,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -91184,6 +87304,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -91194,6 +87342,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -91208,10 +87366,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -91220,101 +87380,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -91322,12 +87420,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -91335,9 +87432,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -91345,12 +87442,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -91415,9 +87511,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -91557,7 +87652,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -91591,9 +87686,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -91603,42 +87698,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -91647,198 +87716,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: - apiGroups: - "" resources: - persistentvolumes verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -91932,6 +87851,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -91984,6 +87947,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -91997,9 +87962,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -92007,9 +87972,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -92043,6 +88013,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -92053,6 +88051,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -92067,10 +88075,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -92079,101 +88089,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -92181,12 +88129,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -92194,9 +88141,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -92204,12 +88151,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -92274,9 +88220,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -92433,7 +88378,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -92462,212 +88407,10 @@ rules: - create - apiGroups: - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - schemas - - topics - - users - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - delete - - get - - list - - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: + resources: + - subjectaccessreviews + verbs: + - create - apiGroups: - "" resources: @@ -92699,22 +88442,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list - apiGroups: - coordination.k8s.io resources: @@ -92808,6 +88577,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -92860,6 +88673,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -92873,9 +88688,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -92883,9 +88698,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -92919,6 +88739,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -92929,6 +88777,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -92943,10 +88801,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -92955,101 +88815,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -93057,12 +88855,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -93070,9 +88867,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -93080,12 +88877,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -93150,9 +88946,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -93292,7 +89087,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -93326,9 +89121,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -93338,42 +89133,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -93382,198 +89151,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - get - - list - watch - apiGroups: - "" resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -93667,6 +89286,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -93719,6 +89382,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -93732,9 +89397,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -93742,9 +89407,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -93778,6 +89448,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -93788,6 +89486,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -93802,10 +89510,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -93814,101 +89524,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -93916,12 +89564,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -93929,9 +89576,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -93939,12 +89586,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -94009,9 +89655,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: @@ -94151,7 +89796,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -94187,22 +89832,26 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - configmaps verbs: + - create + - delete - get - list - patch + - update - watch - apiGroups: - "" resources: - - nodes + - events verbs: - - get + - create + - patch - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps + - leases verbs: - create - delete @@ -94214,39 +89863,67 @@ rules: - apiGroups: - "" resources: - - events - - secrets - - serviceaccounts - - services + - persistentvolumes verbs: - - create - get - list - patch - - update - watch - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - "" resources: + - configmaps - pods + - secrets + - serviceaccounts + - services verbs: + - create - delete - get - list @@ -94256,11 +89933,18 @@ rules: - apiGroups: - "" resources: - - pods/finalizers - - pods/status + - events verbs: + - create - patch - - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -94274,11 +89958,34 @@ rules: - patch - update - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: - certificates - - clusterissuers - issuers verbs: - create @@ -94289,9 +89996,9 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - cluster.redpanda.com resources: - - ingresses + - redpandas verbs: - create - delete @@ -94301,34 +90008,54 @@ rules: - update - watch - apiGroups: - - policy + - cluster.redpanda.com resources: - - poddisruptionbudgets + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users verbs: - - create - - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create + - delete - get - list - patch - update - watch - apiGroups: - - redpanda.vectorized.io + - monitoring.coreos.com resources: - - clusters - - consoles + - podmonitors + - servicemonitors verbs: - create - delete @@ -94338,34 +90065,48 @@ rules: - update - watch - apiGroups: - - redpanda.vectorized.io + - networking.k8s.io resources: - - clusters/finalizers - - consoles/finalizers + - ingresses verbs: + - create + - delete + - get + - list - patch - update + - watch - apiGroups: - - redpanda.vectorized.io + - policy resources: - - clusters/status - - consoles/status + - poddisruptionbudgets verbs: + - create + - delete - get + - list - patch - update + - watch - apiGroups: - - scheduling.k8s.io + - rbac.authorization.k8s.io resources: - - priorityclasses + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: + - create + - delete - get - list + - patch + - update - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: annotations: {} creationTimestamp: null @@ -94375,150 +90116,156 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default + name: operator-additional-controllers-default rules: - apiGroups: - "" resources: - - configmaps + - persistentvolumes + verbs: + - patch +- apiGroups: + - "" + resources: + - events verbs: - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: - delete - get - list - - patch - - update - watch - apiGroups: - "" resources: - - events + - pods + - secrets verbs: - - create - - patch + - get + - list + - watch - apiGroups: - - coordination.k8s.io + - apps resources: - - leases + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes verbs: - - create - delete - get - list - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - "" resources: - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - "" + resources: + - configmaps - pods + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims verbs: - delete - get - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -94526,12 +90273,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -94539,9 +90285,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -94549,12 +90295,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -94641,6 +90386,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --log-level=info - --webhook-enabled=true - --webhook-enabled=true - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs @@ -94896,7 +90642,7 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-metrics-reader + name: operator-default-metrics-reader rules: - nonResourceURLs: - /metrics @@ -94930,9 +90676,9 @@ rules: verbs: - create - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - configmaps verbs: - create - delete @@ -94942,42 +90688,16 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com + - "" resources: - - schemas - - topics - - users + - events verbs: - - get - - list + - create - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - clusterrolebindings - - clusterroles + - leases verbs: - create - delete @@ -94986,198 +90706,48 @@ rules: - patch - update - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - patch -- apiGroups: - - "" - resources: - - configmaps - - nodes - - secrets - verbs: - - get - - list - - watch - apiGroups: - "" resources: - persistentvolumes verbs: - - delete - get - list - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - get - - list - watch - apiGroups: - "" resources: - - configmaps - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas + - persistentvolumeclaims + - pods verbs: + - delete - get - list - watch - apiGroups: - "" resources: - - persistentvolumes + - nodes verbs: - get - - list - - patch - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: {} - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: operator-additional-controllers-default -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -rules: - apiGroups: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: + - endpoints - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services verbs: - - create - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - get - list - - patch - - update - - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -rules: - apiGroups: - coordination.k8s.io resources: @@ -95271,6 +90841,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -95323,6 +90937,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: @@ -95336,9 +90952,9 @@ rules: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -95346,9 +90962,14 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-additional-controllers-default rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch - apiGroups: - "" resources: @@ -95382,6 +91003,34 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -95392,6 +91041,16 @@ rules: - list - patch - update +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -95406,10 +91065,12 @@ rules: - apiGroups: - "" resources: - - pods + - persistentvolumes verbs: - get - list + - patch + - update - watch - apiGroups: - apps @@ -95418,101 +91079,39 @@ rules: verbs: - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch - apiGroups: - "" resources: - - persistentvolumeclaims - - pods + - persistentvolumes verbs: - - delete - get - list + - patch - watch ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default -rules: - apiGroups: - "" resources: - - configmaps - - endpoints - - events - - limitranges - persistentvolumeclaims - pods - - pods/log - - replicationcontrollers - - resourcequotas - - serviceaccounts - - services verbs: + - delete - get - list + - watch --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator-election-role - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-election-role -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: null - creationTimestamp: null - labels: - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: operator - app.kubernetes.io/version: v25.1.1-beta3 - helm.sh/chart: operator-25.1.1-beta3 - name: operator - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator -subjects: -- kind: ServiceAccount - name: operator - namespace: default ---- -# Source: operator/templates/entry-point.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -95520,12 +91119,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-additional-controllers - namespace: default + name: operator-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-additional-controllers + kind: ClusterRole + name: operator-default subjects: - kind: ServiceAccount name: operator @@ -95533,9 +91131,9 @@ subjects: --- # Source: operator/templates/entry-point.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: - annotations: null + annotations: {} creationTimestamp: null labels: app.kubernetes.io/instance: operator @@ -95543,12 +91141,11 @@ metadata: app.kubernetes.io/name: operator app.kubernetes.io/version: v25.1.1-beta3 helm.sh/chart: operator-25.1.1-beta3 - name: operator-rpk-bundle - namespace: default + name: operator-additional-controllers-default roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: operator-rpk-bundle + kind: ClusterRole + name: operator-additional-controllers-default subjects: - kind: ServiceAccount name: operator @@ -95613,9 +91210,8 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --webhook-enabled=false - - --namespace=default - --log-level=info + - --webhook-enabled=false - --configurator-tag=v25.1.1-beta3 - --configurator-base-image=docker.redpanda.com/redpandadata/redpanda-operator command: diff --git a/operator/chart/values.go b/operator/chart/values.go index 6876fd600..e3a3c9483 100644 --- a/operator/chart/values.go +++ b/operator/chart/values.go @@ -17,11 +17,6 @@ import ( corev1 "k8s.io/api/core/v1" ) -const ( - Namespace = OperatorScope("Namespace") - Cluster = OperatorScope("Cluster") -) - var ( //go:embed values.yaml DefaultValuesYAML []byte @@ -31,34 +26,38 @@ var ( ) type Values struct { - NameOverride string `json:"nameOverride"` - FullnameOverride string `json:"fullnameOverride"` - ReplicaCount int32 `json:"replicaCount"` - ClusterDomain string `json:"clusterDomain"` - Image Image `json:"image"` - Config Config `json:"config"` - ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets"` - LogLevel string `json:"logLevel"` - RBAC RBAC `json:"rbac"` - Webhook Webhook `json:"webhook"` - ServiceAccount ServiceAccountConfig `json:"serviceAccount"` - Resources corev1.ResourceRequirements `json:"resources"` - NodeSelector map[string]string `json:"nodeSelector"` - Tolerations []corev1.Toleration `json:"tolerations"` - Affinity *corev1.Affinity `json:"affinity" jsonschema:"deprecated"` - Strategy appsv1.DeploymentStrategy `json:"strategy"` - Annotations map[string]string `json:"annotations,omitempty"` - PodAnnotations map[string]string `json:"podAnnotations"` - PodLabels map[string]string `json:"podLabels"` - AdditionalCmdFlags []string `json:"additionalCmdFlags"` - CommonLabels map[string]string `json:"commonLabels"` - Monitoring MonitoringConfig `json:"monitoring"` - WebhookSecretName string `json:"webhookSecretName"` - PodTemplate *PodTemplateSpec `json:"podTemplate,omitempty"` - LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty"` - ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty"` - Scope OperatorScope `json:"scope" jsonschema:"required,pattern=^(Namespace|Cluster)$,description=Sets the scope of the Redpanda Operator."` - CRDs CRDs `json:"crds"` + NameOverride string `json:"nameOverride"` + FullnameOverride string `json:"fullnameOverride"` + ReplicaCount int32 `json:"replicaCount"` + ClusterDomain string `json:"clusterDomain"` + Image Image `json:"image"` + Config Config `json:"config"` + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets"` + LogLevel string `json:"logLevel"` + RBAC RBAC `json:"rbac"` + Webhook Webhook `json:"webhook"` + ServiceAccount ServiceAccountConfig `json:"serviceAccount"` + Resources corev1.ResourceRequirements `json:"resources"` + NodeSelector map[string]string `json:"nodeSelector"` + Tolerations []corev1.Toleration `json:"tolerations"` + Affinity *corev1.Affinity `json:"affinity" jsonschema:"deprecated"` + Strategy appsv1.DeploymentStrategy `json:"strategy"` + Annotations map[string]string `json:"annotations,omitempty"` + PodAnnotations map[string]string `json:"podAnnotations"` + PodLabels map[string]string `json:"podLabels"` + AdditionalCmdFlags []string `json:"additionalCmdFlags"` + CommonLabels map[string]string `json:"commonLabels"` + Monitoring MonitoringConfig `json:"monitoring"` + WebhookSecretName string `json:"webhookSecretName"` + PodTemplate *PodTemplateSpec `json:"podTemplate,omitempty"` + LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty"` + ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty"` + CRDs CRDs `json:"crds"` + VectorizedControllers VectorizedControllers `json:"vectorizedControllers"` +} + +type VectorizedControllers struct { + Enabled bool `json:"enabled"` } type CRDs struct { @@ -76,8 +75,6 @@ type Metadata struct { Annotations map[string]string `json:"annotations,omitempty"` } -type OperatorScope string - type Image struct { Repository string `json:"repository"` PullPolicy corev1.PullPolicy `json:"pullPolicy" jsonschema:"required,pattern=^(Always|Never|IfNotPresent)$,description=The Kubernetes Pod image pull policy."` @@ -119,7 +116,6 @@ type LeaderElectionConfig struct { type RBAC struct { Create bool `json:"create"` CreateAdditionalControllerCRs bool `json:"createAdditionalControllerCRs"` - CreateRPKBundleCRs bool `json:"createRPKBundleCRs"` } type Webhook struct { diff --git a/operator/chart/values.schema.json b/operator/chart/values.schema.json index 2bbd19f2f..d51f178a3 100644 --- a/operator/chart/values.schema.json +++ b/operator/chart/values.schema.json @@ -5966,9 +5966,6 @@ }, "createAdditionalControllerCRs": { "type": "boolean" - }, - "createRPKBundleCRs": { - "type": "boolean" } }, "type": "object" @@ -6153,11 +6150,6 @@ }, "type": "object" }, - "scope": { - "description": "Sets the scope of the Redpanda Operator.", - "pattern": "^(Namespace|Cluster)$", - "type": "string" - }, "serviceAccount": { "additionalProperties": false, "properties": { @@ -6245,6 +6237,15 @@ } ] }, + "vectorizedControllers": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, "webhook": { "additionalProperties": false, "properties": { @@ -6258,8 +6259,5 @@ "type": "string" } }, - "required": [ - "scope" - ], "type": "object" } diff --git a/operator/chart/values.yaml b/operator/chart/values.yaml index c41e12312..6d0a5cfa2 100644 --- a/operator/chart/values.yaml +++ b/operator/chart/values.yaml @@ -64,8 +64,6 @@ rbac: # -- Create RBAC cluster roles needed for the Redpanda Helm chart's 'rbac.enabled' feature. # WARNING: Disabling this value may prevent the operator from deploying certain configurations of redpanda. createAdditionalControllerCRs: true - # -- Create ClusterRoles needed for the Redpanda Helm chart's 'rbac.rpkDebugBundle' feature. - createRPKBundleCRs: true # -- Specifies whether to create Webhook resources both to intercept and potentially modify or reject Kubernetes API requests as well as authenticate requests to the Kubernetes API. Only valid when `scope` is set to Cluster. webhook: @@ -137,6 +135,11 @@ additionalCmdFlags: [] # For example, `my.k8s.service: redpanda-operator`. commonLabels: {} +# @ignored +# Enables controllers for the Resources in the Vectorized group. +vectorizedControllers: + enabled: false + # -- Configuration for monitoring. monitoring: # -- Creates a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. @@ -179,8 +182,3 @@ podTemplate: # For details, # see the [Kubernetes documentation](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#Probe). # readinessProbe: - -# -- Sets the scope of the Redpanda Operator. -# Valid values are `Cluster` or `Namespace`. -# The Cluster scope is deprecated because it deploys the deprecated version of the Redpanda Operator. Use the default Namespace scope. In the Namespace scope, the Redpanda Operator manages Redpanda resources that are deployed in the same namespace as itself. -scope: Namespace diff --git a/operator/chart/values_partial.gen.go b/operator/chart/values_partial.gen.go index 31e7d3169..d063041e2 100644 --- a/operator/chart/values_partial.gen.go +++ b/operator/chart/values_partial.gen.go @@ -19,34 +19,34 @@ import ( ) type PartialValues struct { - NameOverride *string "json:\"nameOverride,omitempty\"" - FullnameOverride *string "json:\"fullnameOverride,omitempty\"" - ReplicaCount *int32 "json:\"replicaCount,omitempty\"" - ClusterDomain *string "json:\"clusterDomain,omitempty\"" - Image *PartialImage "json:\"image,omitempty\"" - Config *PartialConfig "json:\"config,omitempty\"" - ImagePullSecrets []corev1.LocalObjectReference "json:\"imagePullSecrets,omitempty\"" - LogLevel *string "json:\"logLevel,omitempty\"" - RBAC *PartialRBAC "json:\"rbac,omitempty\"" - Webhook *PartialWebhook "json:\"webhook,omitempty\"" - ServiceAccount *PartialServiceAccountConfig "json:\"serviceAccount,omitempty\"" - Resources *corev1.ResourceRequirements "json:\"resources,omitempty\"" - NodeSelector map[string]string "json:\"nodeSelector,omitempty\"" - Tolerations []corev1.Toleration "json:\"tolerations,omitempty\"" - Affinity *corev1.Affinity "json:\"affinity,omitempty\" jsonschema:\"deprecated\"" - Strategy *appsv1.DeploymentStrategy "json:\"strategy,omitempty\"" - Annotations map[string]string "json:\"annotations,omitempty\"" - PodAnnotations map[string]string "json:\"podAnnotations,omitempty\"" - PodLabels map[string]string "json:\"podLabels,omitempty\"" - AdditionalCmdFlags []string "json:\"additionalCmdFlags,omitempty\"" - CommonLabels map[string]string "json:\"commonLabels,omitempty\"" - Monitoring *PartialMonitoringConfig "json:\"monitoring,omitempty\"" - WebhookSecretName *string "json:\"webhookSecretName,omitempty\"" - PodTemplate *PartialPodTemplateSpec "json:\"podTemplate,omitempty\"" - LivenessProbe *corev1.Probe "json:\"livenessProbe,omitempty\"" - ReadinessProbe *corev1.Probe "json:\"readinessProbe,omitempty\"" - Scope *OperatorScope "json:\"scope,omitempty\" jsonschema:\"required,pattern=^(Namespace|Cluster)$,description=Sets the scope of the Redpanda Operator.\"" - CRDs *PartialCRDs "json:\"crds,omitempty\"" + NameOverride *string "json:\"nameOverride,omitempty\"" + FullnameOverride *string "json:\"fullnameOverride,omitempty\"" + ReplicaCount *int32 "json:\"replicaCount,omitempty\"" + ClusterDomain *string "json:\"clusterDomain,omitempty\"" + Image *PartialImage "json:\"image,omitempty\"" + Config *PartialConfig "json:\"config,omitempty\"" + ImagePullSecrets []corev1.LocalObjectReference "json:\"imagePullSecrets,omitempty\"" + LogLevel *string "json:\"logLevel,omitempty\"" + RBAC *PartialRBAC "json:\"rbac,omitempty\"" + Webhook *PartialWebhook "json:\"webhook,omitempty\"" + ServiceAccount *PartialServiceAccountConfig "json:\"serviceAccount,omitempty\"" + Resources *corev1.ResourceRequirements "json:\"resources,omitempty\"" + NodeSelector map[string]string "json:\"nodeSelector,omitempty\"" + Tolerations []corev1.Toleration "json:\"tolerations,omitempty\"" + Affinity *corev1.Affinity "json:\"affinity,omitempty\" jsonschema:\"deprecated\"" + Strategy *appsv1.DeploymentStrategy "json:\"strategy,omitempty\"" + Annotations map[string]string "json:\"annotations,omitempty\"" + PodAnnotations map[string]string "json:\"podAnnotations,omitempty\"" + PodLabels map[string]string "json:\"podLabels,omitempty\"" + AdditionalCmdFlags []string "json:\"additionalCmdFlags,omitempty\"" + CommonLabels map[string]string "json:\"commonLabels,omitempty\"" + Monitoring *PartialMonitoringConfig "json:\"monitoring,omitempty\"" + WebhookSecretName *string "json:\"webhookSecretName,omitempty\"" + PodTemplate *PartialPodTemplateSpec "json:\"podTemplate,omitempty\"" + LivenessProbe *corev1.Probe "json:\"livenessProbe,omitempty\"" + ReadinessProbe *corev1.Probe "json:\"readinessProbe,omitempty\"" + CRDs *PartialCRDs "json:\"crds,omitempty\"" + VectorizedControllers *PartialVectorizedControllers "json:\"vectorizedControllers,omitempty\"" } type PartialImage struct { @@ -67,7 +67,6 @@ type PartialConfig struct { type PartialRBAC struct { Create *bool "json:\"create,omitempty\"" CreateAdditionalControllerCRs *bool "json:\"createAdditionalControllerCRs,omitempty\"" - CreateRPKBundleCRs *bool "json:\"createRPKBundleCRs,omitempty\"" } type PartialWebhook struct { @@ -90,6 +89,10 @@ type PartialCRDs struct { Experimental *bool "json:\"experimental,omitempty\"" } +type PartialVectorizedControllers struct { + Enabled *bool "json:\"enabled,omitempty\"" +} + type PartialPodTemplateSpec struct { Metadata *PartialMetadata "json:\"metadata,omitempty\"" Spec *corev1.PodSpec "json:\"spec,omitempty\" jsonschema:\"required\"" diff --git a/operator/cmd/crd/crd.go b/operator/cmd/crd/crd.go index b194c11f7..7da3e0610 100644 --- a/operator/cmd/crd/crd.go +++ b/operator/cmd/crd/crd.go @@ -36,6 +36,10 @@ var ( crds.User(), crds.Schema(), } + vectorizedCRDs = []*apiextensionsv1.CustomResourceDefinition{ + crds.Cluster(), + crds.Console(), + } experimentalCRDs = []*apiextensionsv1.CustomResourceDefinition{ crds.NodePool(), } @@ -49,6 +53,7 @@ var ( func Command() *cobra.Command { var experimental bool + var vectorized bool cmd := &cobra.Command{ Use: "crd", Short: "Install CRDs into the cluster", @@ -58,11 +63,13 @@ func Command() *cobra.Command { run( ctx, experimental, + vectorized, ) }, } cmd.Flags().BoolVar(&experimental, "experimental", false, "Install experimental CRDs") + cmd.Flags().BoolVar(&vectorized, "vectorized", false, "Install vectorized group (Cluster, Console) AKA the V1 Operator CRDs") return cmd } @@ -70,6 +77,7 @@ func Command() *cobra.Command { func run( ctx context.Context, experimental bool, + vectorized bool, ) { crdType := "stable" if experimental { @@ -94,6 +102,10 @@ func run( toInstall = append(toInstall, experimentalCRDs...) } + if vectorized { + toInstall = append(toInstall, vectorizedCRDs...) + } + var errs []error for _, crd := range toInstall { errs = append(errs, ensureCRD(ctx, k8sClient, crd)) diff --git a/operator/cmd/run/run.go b/operator/cmd/run/run.go index 0da9aeede..0c6c5ca17 100644 --- a/operator/cmd/run/run.go +++ b/operator/cmd/run/run.go @@ -41,7 +41,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - redpandav1alpha2 "github.com/redpanda-data/redpanda-operator/operator/api/redpanda/v1alpha2" vectorizedv1alpha1 "github.com/redpanda-data/redpanda-operator/operator/api/vectorized/v1alpha1" "github.com/redpanda-data/redpanda-operator/operator/cmd/version" "github.com/redpanda-data/redpanda-operator/operator/internal/controller" @@ -59,28 +58,35 @@ import ( "github.com/redpanda-data/redpanda-operator/operator/pkg/resources" pkgsecrets "github.com/redpanda-data/redpanda-operator/operator/pkg/secrets" redpandawebhooks "github.com/redpanda-data/redpanda-operator/operator/webhooks/redpanda" + "github.com/redpanda-data/redpanda-operator/pkg/otelutil/log" ) +type Controller string + const ( defaultConfiguratorContainerImage = "docker.redpanda.com/redpandadata/redpanda-operator" DefaultRedpandaImageTag = "v25.2.1" DefaultRedpandaRepository = "docker.redpanda.com/redpandadata/redpanda" - AllControllers = RedpandaController("all") - NodeController = RedpandaController("nodeWatcher") - DecommissionController = RedpandaController("decommission") - - OperatorV1Mode = OperatorState("Clustered-v1") - OperatorV2Mode = OperatorState("Namespaced-v2") - NamespaceControllerMode = OperatorState("Namespaced-Controllers") + AllNonVectorizedControllers = Controller("all") + NodeWatcherController = Controller("nodeWatcher") + OldDecommissionController = Controller("decommission") ) var availableControllers = []string{ - NodeController.toString(), - DecommissionController.toString(), + string(NodeWatcherController), + string(OldDecommissionController), } type RunOptions struct { + namespace string + additionalControllers []string + + // enableVectorizedControllers controls whether or not controllers for + // resources in the vectorized group (Cluster, Console) AKA the V1 Operator + // will be enabled or not. + enableVectorizedControllers bool + managerOptions ctrl.Options clusterDomain string secureMetrics bool @@ -95,9 +101,6 @@ type RunOptions struct { metricsTimeout time.Duration rpClientTimeout time.Duration restrictToRedpandaVersion string - namespace string - additionalControllers []string - operatorMode bool ghostbuster bool unbindPVCsAfter time.Duration unbinderSelector LabelSelectorValue @@ -137,6 +140,7 @@ func (o *RunOptions) BindFlags(cmd *cobra.Command) { cmd.Flags().BoolVar(&o.webhookEnabled, "webhook-enabled", false, "Enable webhook Manager") // Controller flags. + cmd.Flags().BoolVar(&o.enableVectorizedControllers, "enable-vectorized-controllers", false, "Specifies whether or not to enabled the legacy controllers for resources in the Vectorized Group (Also known as V1 operator mode)") cmd.Flags().StringVar(&o.clusterDomain, "cluster-domain", "cluster.local", "Set the Kubernetes local domain (Kubelet's --cluster-domain)") cmd.Flags().StringVar(&o.configuratorBaseImage, "configurator-base-image", defaultConfiguratorContainerImage, "The repository of the operator container image for use in self-referential deployments, such as the configurator and sidecar") cmd.Flags().StringVar(&o.configuratorTag, "configurator-tag", version.Version, "The tag of the operator container image for use in self-referential deployments, such as the configurator and sidecar") @@ -150,7 +154,6 @@ func (o *RunOptions) BindFlags(cmd *cobra.Command) { cmd.Flags().BoolVar(&o.ghostbuster, "unsafe-decommission-failed-brokers", false, "Set to enable decommissioning a failed broker that is configured but does not exist in the StatefulSet (ghost broker). This may result in invalidating valid data") _ = cmd.Flags().MarkHidden("unsafe-decommission-failed-brokers") cmd.Flags().StringSliceVar(&o.additionalControllers, "additional-controllers", []string{""}, fmt.Sprintf("which controllers to run, available: all, %s", strings.Join(availableControllers, ", "))) - cmd.Flags().BoolVar(&o.operatorMode, "operator-mode", true, "enables to run as an operator, setting this to false will disable cluster (deprecated), redpanda resources reconciliation.") cmd.Flags().DurationVar(&o.unbindPVCsAfter, "unbind-pvcs-after", 0, "if not zero, runs the PVCUnbinder controller which attempts to 'unbind' the PVCs' of Pods that are Pending for longer than the given duration") cmd.Flags().BoolVar(&o.allowPVRebinding, "allow-pv-rebinding", false, "controls whether or not PVs unbound by the PVCUnbinder have their .ClaimRef cleared, which allows them to be reused") cmd.Flags().Var(&o.unbinderSelector, "unbinder-label-selector", "if provided, a Kubernetes label selector that will filter Pods to be considered by the PVCUnbinder.") @@ -178,25 +181,18 @@ func (o *RunOptions) BindFlags(cmd *cobra.Command) { cmd.Flags().String("helm-repository-url", "https://charts.redpanda.com/", "A deprecated and unused flag") cmd.Flags().Bool("force-defluxed-mode", false, "A deprecated and unused flag") cmd.Flags().Bool("allow-pvc-deletion", false, "Deprecated: Ignored if specified") + cmd.Flags().Bool("operator-mode", true, "A deprecated and unused flag") } -func (o *RunOptions) ControllerEnabled(controller RedpandaController) bool { +func (o *RunOptions) ControllerEnabled(controller Controller) bool { for _, c := range o.additionalControllers { - if RedpandaController(c) == AllControllers || RedpandaController(c) == controller { + if Controller(c) == AllNonVectorizedControllers || Controller(c) == controller { return true } } return false } -type RedpandaController string - -type OperatorState string - -func (r RedpandaController) toString() string { - return string(r) -} - type LabelSelectorValue struct { Selector labels.Selector } @@ -260,21 +256,6 @@ func Command() *cobra.Command { return cmd } -type v1Fetcher struct { - client kubeClient.Client -} - -func (f *v1Fetcher) FetchLatest(ctx context.Context, name, namespace string) (any, error) { - var vectorizedCluster vectorizedv1alpha1.Cluster - if err := f.client.Get(ctx, types.NamespacedName{ - Name: name, - Namespace: namespace, - }, &vectorizedCluster); err != nil { - return nil, err - } - return &vectorizedCluster, nil -} - //nolint:funlen,gocyclo // length looks good func Run( ctx context.Context, @@ -401,235 +382,234 @@ func Run( return err } - // init running state values if we are not in operator mode - var operatorRunningState OperatorState - if opts.namespace != "" { - operatorRunningState = NamespaceControllerMode + // Configure controllers that are always enabled (Redpanda, Topic, User, Schema). + + factory := internalclient.NewFactory(mgr.GetConfig(), mgr.GetClient()).WithAdminClientTimeout(opts.rpClientTimeout) + + cloudSecrets := lifecycle.CloudSecretsFlags{ + CloudSecretsEnabled: opts.cloudSecretsEnabled, + CloudSecretsPrefix: opts.cloudSecretsPrefix, + CloudSecretsAWSRegion: opts.cloudSecretsConfig.AWSRegion, + CloudSecretsAWSRoleARN: opts.cloudSecretsConfig.AWSRoleARN, + CloudSecretsGCPProjectID: opts.cloudSecretsConfig.GCPProjectID, + CloudSecretsAzureKeyVaultURI: opts.cloudSecretsConfig.AzureKeyVaultURI, } - // but if we are in operator mode, then the run state is different - if opts.operatorMode { - operatorRunningState = OperatorV1Mode - if opts.namespace != "" { - operatorRunningState = OperatorV2Mode - } + sidecarImage := lifecycle.Image{ + Repository: opts.configuratorBaseImage, + Tag: opts.configuratorTag, } - // Now we start different processes depending on state - switch operatorRunningState { - case OperatorV1Mode: - ctrl.Log.Info("running in v1", "mode", OperatorV1Mode) - - configurator := resources.ConfiguratorSettings{ - ConfiguratorBaseImage: opts.configuratorBaseImage, - ConfiguratorTag: opts.configuratorTag, - ImagePullPolicy: corev1.PullPolicy(opts.configuratorImagePullPolicy), - CloudSecretsEnabled: opts.cloudSecretsEnabled, - CloudSecretsPrefix: opts.cloudSecretsPrefix, - CloudSecretsAWSRegion: opts.cloudSecretsConfig.AWSRegion, - CloudSecretsAWSRoleARN: opts.cloudSecretsConfig.AWSRoleARN, - CloudSecretsGCPProjectID: opts.cloudSecretsConfig.GCPProjectID, - CloudSecretsAzureKeyVaultURI: opts.cloudSecretsConfig.AzureKeyVaultURI, - } + redpandaImage := lifecycle.Image{ + Repository: opts.redpandaDefaultRepository, + Tag: opts.redpandaDefaultTag, + } + + // Redpanda Reconciler + if err := (&redpandacontrollers.RedpandaReconciler{ + KubeConfig: mgr.GetConfig(), + Client: mgr.GetClient(), + EventRecorder: mgr.GetEventRecorderFor("RedpandaReconciler"), + LifecycleClient: lifecycle.NewResourceClient(mgr, lifecycle.V2ResourceManagers(redpandaImage, sidecarImage, cloudSecrets)), + ClientFactory: factory, + CloudSecretsExpander: cloudExpander, + }).SetupWithManager(ctx, mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Redpanda") + return err + } + + if err := (&redpandacontrollers.TopicReconciler{ + Client: mgr.GetClient(), + Factory: factory, + Scheme: mgr.GetScheme(), + EventRecorder: mgr.GetEventRecorderFor("TopicReconciler"), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Topic") + return err + } + + if err := redpandacontrollers.SetupUserController(ctx, mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "User") + return err + } - adminAPIClientFactory := adminutils.CachedNodePoolAdminAPIClientFactory(adminutils.NewNodePoolInternalAdminAPI) - - if err = (&vectorizedcontrollers.ClusterReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("redpanda").WithName("Cluster"), - Scheme: mgr.GetScheme(), - AdminAPIClientFactory: adminAPIClientFactory, - DecommissionWaitInterval: opts.decommissionWaitInterval, - MetricsTimeout: opts.metricsTimeout, - RestrictToRedpandaVersion: opts.restrictToRedpandaVersion, - GhostDecommissioning: opts.ghostbuster, - AutoDeletePVCs: opts.autoDeletePVCs, - CloudSecretsExpander: cloudExpander, - Timeout: opts.rpClientTimeout, - }).WithClusterDomain(opts.clusterDomain).WithConfiguratorSettings(configurator).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "Unable to create controller", "controller", "Cluster") + if err := redpandacontrollers.SetupSchemaController(ctx, mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Schema") + return err + } + + // Next configure and setup optional controllers. + + if opts.enableVectorizedControllers { + setupLog.Info("setting up vectorized controllers") + if err := setupVectorizedControllers(ctx, mgr, cloudExpander, opts); err != nil { return err } + } - if err = vectorizedcontrollers.NewClusterMetricsController(mgr.GetClient()). - SetupWithManager(mgr); err != nil { - setupLog.Error(err, "Unable to create controller", "controller", "ClustersMetrics") + if opts.ControllerEnabled(NodeWatcherController) { + if err = (&nodewatcher.RedpandaNodePVCReconciler{ + Client: mgr.GetClient(), + OperatorMode: true, + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "RedpandaNodePVCReconciler") return err } + } - if err = (&vectorizedcontrollers.ConsoleReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - Log: ctrl.Log.WithName("controllers").WithName("redpanda").WithName("Console"), - AdminAPIClientFactory: adminAPIClientFactory, - Store: consolepkg.NewStore(mgr.GetClient(), mgr.GetScheme()), - EventRecorder: mgr.GetEventRecorderFor("Console"), - KafkaAdminClientFactory: consolepkg.NewKafkaAdmin, - }).WithClusterDomain(opts.clusterDomain).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Console") + if opts.ControllerEnabled(OldDecommissionController) { + if err = (&olddecommission.DecommissionReconciler{ + Client: mgr.GetClient(), + OperatorMode: true, + DecommissionWaitInterval: opts.decommissionWaitInterval, + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "DecommissionReconciler") return err } + } + + // The unbinder gets to run in any mode, if it's enabled. + if opts.unbindPVCsAfter <= 0 { + setupLog.Info("PVCUnbinder controller not active", "unbind-after", opts.unbindPVCsAfter, "selector", opts.unbinderSelector, "allow-pv-rebinding", opts.allowPVRebinding) + } else { + setupLog.Info("starting PVCUnbinder controller", "unbind-after", opts.unbindPVCsAfter, "selector", opts.unbinderSelector, "allow-pv-rebinding", opts.allowPVRebinding) - if err = (&redpandacontrollers.TopicReconciler{ - Client: mgr.GetClient(), - Factory: internalclient.NewFactory(mgr.GetConfig(), mgr.GetClient()).WithAdminClientTimeout(opts.rpClientTimeout), - Scheme: mgr.GetScheme(), - EventRecorder: mgr.GetEventRecorderFor("TopicReconciler"), + if err := (&pvcunbinder.Controller{ + Client: mgr.GetClient(), + Timeout: opts.unbindPVCsAfter, + Selector: opts.unbinderSelector.Selector, + AllowRebinding: opts.allowPVRebinding, }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Topic") + setupLog.Error(err, "unable to create controller", "controller", "PVCUnbinder") return err } + } - // Setup webhooks - if opts.webhookEnabled { - setupLog.Info("Setup webhook") - if err = (&vectorizedv1alpha1.Cluster{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "Unable to create webhook", "webhook", "RedpandaCluster") - return err - } - hookServer := mgr.GetWebhookServer() - hookServer.Register("/mutate-redpanda-vectorized-io-v1alpha1-console", &webhook.Admission{ - Handler: &redpandawebhooks.ConsoleDefaulter{ - Client: mgr.GetClient(), - Decoder: admission.NewDecoder(mgr.GetScheme()), - }, - }) - hookServer.Register("/validate-redpanda-vectorized-io-v1alpha1-console", &webhook.Admission{ - Handler: &redpandawebhooks.ConsoleValidator{ - Client: mgr.GetClient(), - Decoder: admission.NewDecoder(mgr.GetScheme()), - }, - }) - } - case OperatorV2Mode: - ctrl.Log.Info("running in v2", "mode", OperatorV2Mode, "namespace", opts.namespace) - - factory := internalclient.NewFactory(mgr.GetConfig(), mgr.GetClient()).WithAdminClientTimeout(opts.rpClientTimeout) - - cloudSecrets := lifecycle.CloudSecretsFlags{ - CloudSecretsEnabled: opts.cloudSecretsEnabled, - CloudSecretsPrefix: opts.cloudSecretsPrefix, - CloudSecretsAWSRegion: opts.cloudSecretsConfig.AWSRegion, - CloudSecretsAWSRoleARN: opts.cloudSecretsConfig.AWSRoleARN, - CloudSecretsGCPProjectID: opts.cloudSecretsConfig.GCPProjectID, - CloudSecretsAzureKeyVaultURI: opts.cloudSecretsConfig.AzureKeyVaultURI, - } + //+kubebuilder:scaffold:builder - sidecarImage := lifecycle.Image{ - Repository: opts.configuratorBaseImage, - Tag: opts.configuratorTag, - } + if err := mgr.AddHealthzCheck("health", healthz.Ping); err != nil { + setupLog.Error(err, "Unable to set up health check") + return err + } - redpandaImage := lifecycle.Image{ - Repository: opts.redpandaDefaultRepository, - Tag: opts.redpandaDefaultTag, - } + if err := mgr.AddReadyzCheck("check", healthz.Ping); err != nil { + setupLog.Error(err, "Unable to set up ready check") + return err + } - // Redpanda Reconciler - if err = (&redpandacontrollers.RedpandaReconciler{ - KubeConfig: mgr.GetConfig(), - Client: mgr.GetClient(), - EventRecorder: mgr.GetEventRecorderFor("RedpandaReconciler"), - LifecycleClient: lifecycle.NewResourceClient(mgr, lifecycle.V2ResourceManagers(redpandaImage, sidecarImage, cloudSecrets)), - ClientFactory: factory, - CloudSecretsExpander: cloudExpander, - }).SetupWithManager(ctx, mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Redpanda") + if opts.webhookEnabled { + hookServer := mgr.GetWebhookServer() + if err := mgr.AddReadyzCheck("webhook", hookServer.StartedChecker()); err != nil { + setupLog.Error(err, "unable to create ready check") return err } - if err = (&redpandacontrollers.TopicReconciler{ - Client: mgr.GetClient(), - Factory: factory, - Scheme: mgr.GetScheme(), - EventRecorder: mgr.GetEventRecorderFor("TopicReconciler"), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Topic") + if err := mgr.AddHealthzCheck("webhook", hookServer.StartedChecker()); err != nil { + setupLog.Error(err, "unable to create health check") return err } + } - if err = redpandacontrollers.SetupUserController(ctx, mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "User") - return err - } + setupLog.Info("Starting manager") - if err = redpandacontrollers.SetupSchemaController(ctx, mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Schema") - return err - } + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "Problem running manager") + return err + } - if opts.ControllerEnabled(NodeController) { - if err = (&nodewatcher.RedpandaNodePVCReconciler{ - Client: mgr.GetClient(), - OperatorMode: opts.operatorMode, - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "RedpandaNodePVCReconciler") - return err - } - } + return nil +} - if opts.ControllerEnabled(DecommissionController) { - if err = (&olddecommission.DecommissionReconciler{ - Client: mgr.GetClient(), - OperatorMode: opts.operatorMode, - DecommissionWaitInterval: opts.decommissionWaitInterval, - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "DecommissionReconciler") - return err - } - } +type v1Fetcher struct { + client kubeClient.Client +} - if opts.webhookEnabled { - setupLog.Info("Setup Redpanda conversion webhook") - if err = (&redpandav1alpha2.Redpanda{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "Unable to create webhook", "webhook", "RedpandaConversion") - return err - } - } +func (f *v1Fetcher) FetchLatest(ctx context.Context, name, namespace string) (any, error) { + var vectorizedCluster vectorizedv1alpha1.Cluster + if err := f.client.Get(ctx, types.NamespacedName{ + Name: name, + Namespace: namespace, + }, &vectorizedCluster); err != nil { + return nil, err + } + return &vectorizedCluster, nil +} - case NamespaceControllerMode: - ctrl.Log.Info("running as a namespace controller", "mode", NamespaceControllerMode, "namespace", opts.namespace) - if opts.ControllerEnabled(NodeController) { - if err = (&nodewatcher.RedpandaNodePVCReconciler{ - Client: mgr.GetClient(), - OperatorMode: opts.operatorMode, - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "RedpandaNodePVCReconciler") - return err - } - } +// setupVectorizedControllers configures and registers controllers and +// runnables for the custom resources in the vectorized group, AKA the V1 +// operator. +func setupVectorizedControllers(ctx context.Context, mgr ctrl.Manager, cloudExpander *pkgsecrets.CloudExpander, opts *RunOptions) error { + log.Info(ctx, "Starting Vectorized (V1) Controllers") + + configurator := resources.ConfiguratorSettings{ + ConfiguratorBaseImage: opts.configuratorBaseImage, + ConfiguratorTag: opts.configuratorTag, + ImagePullPolicy: corev1.PullPolicy(opts.configuratorImagePullPolicy), + CloudSecretsEnabled: opts.cloudSecretsEnabled, + CloudSecretsPrefix: opts.cloudSecretsPrefix, + CloudSecretsAWSRegion: opts.cloudSecretsConfig.AWSRegion, + CloudSecretsAWSRoleARN: opts.cloudSecretsConfig.AWSRoleARN, + CloudSecretsGCPProjectID: opts.cloudSecretsConfig.GCPProjectID, + CloudSecretsAzureKeyVaultURI: opts.cloudSecretsConfig.AzureKeyVaultURI, + } - if opts.ControllerEnabled(DecommissionController) { - if err = (&olddecommission.DecommissionReconciler{ - Client: mgr.GetClient(), - OperatorMode: opts.operatorMode, - DecommissionWaitInterval: opts.decommissionWaitInterval, - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "DecommissionReconciler") - return err - } - } - default: - err := errors.New("unable to run operator without specifying an operator state") - setupLog.Error(err, "shutting down") + adminAPIClientFactory := adminutils.CachedNodePoolAdminAPIClientFactory(adminutils.NewNodePoolInternalAdminAPI) + + if err := (&vectorizedcontrollers.ClusterReconciler{ + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("redpanda").WithName("Cluster"), + Scheme: mgr.GetScheme(), + AdminAPIClientFactory: adminAPIClientFactory, + DecommissionWaitInterval: opts.decommissionWaitInterval, + MetricsTimeout: opts.metricsTimeout, + RestrictToRedpandaVersion: opts.restrictToRedpandaVersion, + GhostDecommissioning: opts.ghostbuster, + AutoDeletePVCs: opts.autoDeletePVCs, + CloudSecretsExpander: cloudExpander, + Timeout: opts.rpClientTimeout, + }).WithClusterDomain(opts.clusterDomain).WithConfiguratorSettings(configurator).SetupWithManager(mgr); err != nil { + log.Error(ctx, err, "Unable to create controller", "controller", "Cluster") return err } - // The unbinder gets to run in any mode, if it's enabled. - if opts.unbindPVCsAfter <= 0 { - setupLog.Info("PVCUnbinder controller not active", "unbind-after", opts.unbindPVCsAfter, "selector", opts.unbinderSelector, "allow-pv-rebinding", opts.allowPVRebinding) - } else { - setupLog.Info("starting PVCUnbinder controller", "unbind-after", opts.unbindPVCsAfter, "selector", opts.unbinderSelector, "allow-pv-rebinding", opts.allowPVRebinding) + if err := vectorizedcontrollers.NewClusterMetricsController(mgr.GetClient()).SetupWithManager(mgr); err != nil { + log.Error(ctx, err, "Unable to create controller", "controller", "ClustersMetrics") + return err + } - if err := (&pvcunbinder.Controller{ - Client: mgr.GetClient(), - Timeout: opts.unbindPVCsAfter, - Selector: opts.unbinderSelector.Selector, - AllowRebinding: opts.allowPVRebinding, - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "PVCUnbinder") + if err := (&vectorizedcontrollers.ConsoleReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Log: ctrl.Log.WithName("controllers").WithName("redpanda").WithName("Console"), + AdminAPIClientFactory: adminAPIClientFactory, + Store: consolepkg.NewStore(mgr.GetClient(), mgr.GetScheme()), + EventRecorder: mgr.GetEventRecorderFor("Console"), + KafkaAdminClientFactory: consolepkg.NewKafkaAdmin, + }).WithClusterDomain(opts.clusterDomain).SetupWithManager(mgr); err != nil { + log.Error(ctx, err, "unable to create controller", "controller", "Console") + return err + } + + // Setup webhooks + if opts.webhookEnabled { + log.Info(ctx, "Setup webhook") + if err := (&vectorizedv1alpha1.Cluster{}).SetupWebhookWithManager(mgr); err != nil { + log.Error(ctx, err, "Unable to create webhook", "webhook", "RedpandaCluster") return err } + hookServer := mgr.GetWebhookServer() + hookServer.Register("/mutate-redpanda-vectorized-io-v1alpha1-console", &webhook.Admission{ + Handler: &redpandawebhooks.ConsoleDefaulter{ + Client: mgr.GetClient(), + Decoder: admission.NewDecoder(mgr.GetScheme()), + }, + }) + hookServer.Register("/validate-redpanda-vectorized-io-v1alpha1-console", &webhook.Admission{ + Handler: &redpandawebhooks.ConsoleValidator{ + Client: mgr.GetClient(), + Decoder: admission.NewDecoder(mgr.GetScheme()), + }, + }) } if opts.enableGhostBrokerDecommissioner { @@ -743,43 +723,12 @@ func Run( return true, nil }), ) - if err := d.SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "StatefulSetDecommissioner") - return err - } - } - - //+kubebuilder:scaffold:builder - - if err := mgr.AddHealthzCheck("health", healthz.Ping); err != nil { - setupLog.Error(err, "Unable to set up health check") - return err - } - if err := mgr.AddReadyzCheck("check", healthz.Ping); err != nil { - setupLog.Error(err, "Unable to set up ready check") - return err - } - - if opts.webhookEnabled { - hookServer := mgr.GetWebhookServer() - if err := mgr.AddReadyzCheck("webhook", hookServer.StartedChecker()); err != nil { - setupLog.Error(err, "unable to create ready check") - return err - } - - if err := mgr.AddHealthzCheck("webhook", hookServer.StartedChecker()); err != nil { - setupLog.Error(err, "unable to create health check") + if err := d.SetupWithManager(mgr); err != nil { + log.Error(ctx, err, "unable to create controller", "controller", "StatefulSetDecommissioner") return err } } - setupLog.Info("Starting manager") - - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { - setupLog.Error(err, "Problem running manager") - return err - } - return nil } diff --git a/operator/config/crd/bases/crds.go b/operator/config/crd/bases/crds.go index ba3ad6ec3..e598ad5b2 100644 --- a/operator/config/crd/bases/crds.go +++ b/operator/config/crd/bases/crds.go @@ -109,6 +109,16 @@ func NodePool() *apiextensionsv1.CustomResourceDefinition { return mustT(ByName("nodepools.cluster.redpanda.com")) } +// Cluster returns the Cluster CustomResourceDefinition. +func Cluster() *apiextensionsv1.CustomResourceDefinition { + return mustT(ByName("clusters.redpanda.vectorized.io")) +} + +// Console returns the Console CustomResourceDefinition. +func Console() *apiextensionsv1.CustomResourceDefinition { + return mustT(ByName("consoles.redpanda.vectorized.io")) +} + func mustT[T any](r T, err error) T { must(err) return r diff --git a/operator/config/e2e-tests/manager.yaml b/operator/config/e2e-tests/manager.yaml index ba4bffaf8..e1ee0c789 100644 --- a/operator/config/e2e-tests/manager.yaml +++ b/operator/config/e2e-tests/manager.yaml @@ -22,6 +22,7 @@ spec: - "--log-level=trace" - "--enable-ghost-broker-decommissioner" - "--unbind-pvcs-after=5s" + - "--enable-vectorized-controllers" livenessProbe: timeoutSeconds: 10 readinessProbe: diff --git a/operator/config/rbac/bases/operator/role.yaml b/operator/config/rbac/bases/operator/role.yaml index e2407a47e..24e3db342 100644 --- a/operator/config/rbac/bases/operator/role.yaml +++ b/operator/config/rbac/bases/operator/role.yaml @@ -8,6 +8,10 @@ rules: - "" resources: - configmaps + - pods + - secrets + - serviceaccounts + - services verbs: - create - delete @@ -20,9 +24,6 @@ rules: - "" resources: - events - - secrets - - serviceaccounts - - services verbs: - create - get @@ -42,16 +43,7 @@ rules: - "" resources: - persistentvolumeclaims - verbs: - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - persistentvolumes - - pods verbs: - delete - get @@ -76,6 +68,14 @@ rules: - get - patch - update +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -89,6 +89,13 @@ rules: - patch - update - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update - apiGroups: - authentication.k8s.io resources: @@ -101,6 +108,30 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: @@ -159,6 +190,31 @@ rules: - patch - update - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -188,6 +244,8 @@ rules: resources: - clusterrolebindings - clusterroles + - rolebindings + - roles verbs: - create - delete @@ -245,10 +303,6 @@ rules: - "" resources: - configmaps - - pods - - secrets - - serviceaccounts - - services verbs: - create - delete @@ -265,6 +319,8 @@ rules: - pods/log - replicationcontrollers - resourcequotas + - serviceaccounts + - services verbs: - get - list @@ -289,69 +345,29 @@ rules: - update - watch - apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - deployments - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - patch - - update -- apiGroups: - - autoscaling + - "" resources: - - horizontalpodautoscalers + - pods verbs: - - create - delete - get - list - - patch - - update - watch - apiGroups: - - batch + - "" resources: - - jobs + - secrets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - cert-manager.io + - apps resources: - - certificates - - issuers + - statefulsets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - coordination.k8s.io @@ -365,53 +381,3 @@ rules: - patch - update - watch -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch diff --git a/operator/config/rbac/itemized/old-decommission.yaml b/operator/config/rbac/itemized/old-decommission.yaml index 5c95d857c..0432371ee 100644 --- a/operator/config/rbac/itemized/old-decommission.yaml +++ b/operator/config/rbac/itemized/old-decommission.yaml @@ -8,6 +8,7 @@ rules: - "" resources: - configmaps + - pods - secrets verbs: - get @@ -16,51 +17,36 @@ rules: - apiGroups: - "" resources: - - persistentvolumes + - persistentvolumeclaims verbs: + - delete - get - list - patch - update - watch - apiGroups: - - cluster.redpanda.com + - "" resources: - - redpandas + - persistentvolumes verbs: - get - list + - patch + - update - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: old-decommission - namespace: default -rules: - apiGroups: - - "" + - apps resources: - - persistentvolumeclaims + - statefulsets/status verbs: - - delete - - get - - list - patch - update - - watch - apiGroups: - - "" + - cluster.redpanda.com resources: - - pods + - redpandas verbs: - get - list - watch -- apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - patch - - update diff --git a/operator/config/rbac/itemized/v2-manager.yaml b/operator/config/rbac/itemized/v2-manager.yaml index cc465f101..24ba4ae58 100644 --- a/operator/config/rbac/itemized/v2-manager.yaml +++ b/operator/config/rbac/itemized/v2-manager.yaml @@ -4,70 +4,6 @@ kind: ClusterRole metadata: name: v2-manager rules: -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers - verbs: - - update -- apiGroups: - - cluster.redpanda.com - resources: - - redpandas/status - - schemas/status - - topics/status - - users/status - verbs: - - get - - patch - - update -- apiGroups: - - cluster.redpanda.com - resources: - - schemas - - topics - - users - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: v2-manager - namespace: default -rules: - apiGroups: - "" resources: @@ -149,6 +85,50 @@ rules: - patch - update - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update +- apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch - apiGroups: - coordination.k8s.io resources: @@ -201,6 +181,8 @@ rules: - apiGroups: - rbac.authorization.k8s.io resources: + - clusterrolebindings + - clusterroles - rolebindings - roles verbs: diff --git a/operator/internal/controller/olddecommission/redpanda_decommission_controller.go b/operator/internal/controller/olddecommission/redpanda_decommission_controller.go index a792e5db2..950019b83 100644 --- a/operator/internal/controller/olddecommission/redpanda_decommission_controller.go +++ b/operator/internal/controller/olddecommission/redpanda_decommission_controller.go @@ -35,10 +35,10 @@ import ( ) // +kubebuilder:rbac:groups=cluster.redpanda.com,resources=redpandas,verbs=get;list;watch; -// +kubebuilder:rbac:groups=core,namespace=default,resources=pods,verbs=get;list;watch; -// +kubebuilder:rbac:groups=core,namespace=default,resources=persistentvolumeclaims,verbs=get;list;update;patch;delete;watch +// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch; +// +kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=get;list;update;patch;delete;watch // +kubebuilder:rbac:groups=core,resources=persistentvolumes,verbs=get;list;update;patch;watch -// +kubebuilder:rbac:groups=apps,namespace=default,resources=statefulsets/status,verbs=update;patch +// +kubebuilder:rbac:groups=apps,resources=statefulsets/status,verbs=update;patch // Cluster wide access to configmaps and secrets are required as long as we're // fetching values from helm. // +kubebuilder:rbac:groups=core,resources=configmaps;secrets,verbs=get;list;watch diff --git a/operator/internal/controller/redpanda/redpanda_controller.go b/operator/internal/controller/redpanda/redpanda_controller.go index b4d3d80bf..9a05a3daf 100644 --- a/operator/internal/controller/redpanda/redpanda_controller.go +++ b/operator/internal/controller/redpanda/redpanda_controller.go @@ -76,32 +76,32 @@ type RedpandaReconciler struct { } // Any resource that the Redpanda helm chart creates and needs to reconcile. -// +kubebuilder:rbac:groups="",namespace=default,resources=pods,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,namespace=default,resources=roles;rolebindings,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=batch,namespace=default,resources=jobs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,namespace=default,resources=configmaps;secrets;services;serviceaccounts,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,namespace=default,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete; -// +kubebuilder:rbac:groups=apps,namespace=default,resources=controllerrevisions,verbs=get;list;watch; -// +kubebuilder:rbac:groups=policy,namespace=default,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,namespace=default,resources=deployments,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=cert-manager.io,namespace=default,resources=certificates,verbs=get;create;update;patch;delete;list;watch -// +kubebuilder:rbac:groups=cert-manager.io,namespace=default,resources=issuers,verbs=get;create;update;patch;delete;list;watch -// +kubebuilder:rbac:groups="monitoring.coreos.com",namespace=default,resources=podmonitors;servicemonitors,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=configmaps;secrets;services;serviceaccounts,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete; +// +kubebuilder:rbac:groups=apps,resources=controllerrevisions,verbs=get;list;watch; +// +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;create;update;patch;delete;list;watch +// +kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;create;update;patch;delete;list;watch +// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=podmonitors;servicemonitors,verbs=get;list;watch;create;update;patch;delete // Console chart -// +kubebuilder:rbac:groups=autoscaling,namespace=default,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=networking.k8s.io,namespace=default,resources=ingresses,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete // redpanda resources // +kubebuilder:rbac:groups=cluster.redpanda.com,resources=redpandas,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=cluster.redpanda.com,resources=redpandas/status,verbs=get;update;patch // +kubebuilder:rbac:groups=cluster.redpanda.com,resources=redpandas/finalizers,verbs=update -// +kubebuilder:rbac:groups=core,namespace=default,resources=events,verbs=create;patch +// +kubebuilder:rbac:groups=core,resources=events,verbs=create;patch // sidecar resources // The leases is used by controller-runtime in sidecar. Operator main reconciliation needs to have leases permissions in order to create role that have the same permissions. -// +kubebuilder:rbac:groups=coordination.k8s.io,namespace=default,resources=leases,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete // SetupWithManager sets up the controller with the Manager. func (r *RedpandaReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error { diff --git a/operator/internal/controller/redpanda/redpanda_controller_test.go b/operator/internal/controller/redpanda/redpanda_controller_test.go index a13596427..eaef88bbf 100644 --- a/operator/internal/controller/redpanda/redpanda_controller_test.go +++ b/operator/internal/controller/redpanda/redpanda_controller_test.go @@ -880,46 +880,7 @@ func (s *RedpandaControllerSuite) minimalRP() *redpandav1alpha2.Redpanda { Name: "rp-" + testenv.RandString(6), // GenerateName doesn't play nice with SSA. Annotations: make(map[string]string), }, - Spec: redpandav1alpha2.RedpandaSpec{ - // Any empty structs are to make setting them more ergonomic - // without having to worry about nil pointers. - ChartRef: redpandav1alpha2.ChartRef{}, - ClusterSpec: &redpandav1alpha2.RedpandaClusterSpec{ - Config: &redpandav1alpha2.Config{}, - External: &redpandav1alpha2.External{ - // Disable NodePort creation to stop broken tests from blocking others due to port conflicts. - Enabled: ptr.To(false), - }, - Image: &redpandav1alpha2.RedpandaImage{ - Repository: ptr.To("redpandadata/redpanda"), // Use docker.io to make caching easier and to not inflate our own metrics. - }, - Console: &redpandav1alpha2.RedpandaConsole{ - Enabled: ptr.To(false), // Speed up most cases by not enabling console to start. - }, - Statefulset: &redpandav1alpha2.Statefulset{ - Replicas: ptr.To(1), // Speed up tests ever so slightly. - PodAntiAffinity: &redpandav1alpha2.PodAntiAffinity{ - // Disable the default "hard" affinity so we can - // schedule multiple redpanda Pods on a single - // kubernetes node. Useful for tests that require > 3 - // brokers. - Type: ptr.To("soft"), - }, - // Speeds up managed decommission tests. Decommissioned - // nodes will take the entirety of - // TerminationGracePeriodSeconds as the pre-stop hook - // doesn't account for decommissioned nodes. - TerminationGracePeriodSeconds: ptr.To(10), - }, - Resources: &redpandav1alpha2.Resources{ - CPU: &redpandav1alpha2.CPU{ - // Inform redpanda/seastar that it's not going to get - // all the resources it's promised. - Overprovisioned: ptr.To(true), - }, - }, - }, - }, + Spec: redpandav1alpha2.MinimalRedpandaSpec(), } } @@ -1054,32 +1015,25 @@ func TestControllerRBAC(t *testing.T) { require.Len(t, gkvs, 1) gvk := gkvs[0] - rules := role.Rules - if !isNamespaced(typ) { - rules = clusterRole.Rules - } - group := gvk.Group kind := pluralize(gvk.Kind) + rules := clusterRole.Rules idx := slices.IndexFunc(rules, func(rule rbacv1.PolicyRule) bool { return slices.Contains(rule.APIGroups, group) && slices.Contains(rule.Resources, kind) }) + if idx == -1 { + rules = role.Rules + idx = slices.IndexFunc(rules, func(rule rbacv1.PolicyRule) bool { + return slices.Contains(rule.APIGroups, group) && slices.Contains(rule.Resources, kind) + }) + } require.NotEqual(t, -1, idx, "missing rules for %s %s", gvk.Group, kind) require.EqualValues(t, expectedVerbs, rules[idx].Verbs, "incorrect verbs for %s %s", gvk.Group, kind) } } -func isNamespaced(obj client.Object) bool { - switch obj.(type) { - case *corev1.Namespace, *rbacv1.ClusterRole, *rbacv1.ClusterRoleBinding: - return false - default: - return true - } -} - func pluralize(kind string) string { switch kind[len(kind)-1] { case 's': diff --git a/operator/internal/controller/redpanda/testdata/role.yaml b/operator/internal/controller/redpanda/testdata/role.yaml index 2fda26f86..8d8c4a02a 100644 --- a/operator/internal/controller/redpanda/testdata/role.yaml +++ b/operator/internal/controller/redpanda/testdata/role.yaml @@ -8,8 +8,29 @@ rules: - "" resources: - configmaps - - nodes + - pods - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes verbs: - get - list @@ -17,6 +38,7 @@ rules: - apiGroups: - "" resources: + - persistentvolumeclaims - persistentvolumes verbs: - delete @@ -26,21 +48,18 @@ rules: - update - watch - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io + - apps resources: - - subjectaccessreviews + - controllerrevisions verbs: - - create + - get + - list + - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas + - deployments + - statefulsets verbs: - create - delete @@ -50,42 +69,40 @@ rules: - update - watch - apiGroups: - - cluster.redpanda.com + - apps resources: - - redpandas/finalizers - - schemas/finalizers - - topics/finalizers - - users/finalizers + - statefulsets/status verbs: + - patch - update - apiGroups: - - cluster.redpanda.com + - authentication.k8s.io resources: - - redpandas/status - - schemas/status - - topics/status - - users/status + - tokenreviews verbs: - - get - - patch - - update + - create - apiGroups: - - cluster.redpanda.com + - authorization.k8s.io resources: - - schemas - - topics - - users + - subjectaccessreviews verbs: + - create +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete - get - list - patch - update - watch - apiGroups: - - rbac.authorization.k8s.io + - batch resources: - - clusterrolebindings - - clusterroles + - jobs verbs: - create - delete @@ -94,21 +111,11 @@ rules: - patch - update - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: manager - namespace: default -rules: - apiGroups: - - "" + - cert-manager.io resources: - - configmaps - - pods - - secrets - - serviceaccounts - - services + - certificates + - issuers verbs: - create - delete @@ -118,49 +125,53 @@ rules: - update - watch - apiGroups: - - "" + - cluster.redpanda.com resources: - - endpoints - - limitranges - - pods/log - - replicationcontrollers - - resourcequotas + - redpandas verbs: + - create + - delete - get - list + - patch + - update + - watch - apiGroups: - - "" + - cluster.redpanda.com resources: - - events + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers verbs: - - create - - get - - list - - patch + - update - apiGroups: - - "" + - cluster.redpanda.com resources: - - persistentvolumeclaims + - redpandas/status + - schemas/status + - topics/status + - users/status verbs: - - delete - get - - list - patch - update - - watch - apiGroups: - - apps + - cluster.redpanda.com resources: - - controllerrevisions + - schemas + - topics + - users verbs: - get - list + - patch + - update - watch - apiGroups: - - apps + - coordination.k8s.io resources: - - deployments - - statefulsets + - leases verbs: - create - delete @@ -170,16 +181,10 @@ rules: - update - watch - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - patch - - update -- apiGroups: - - autoscaling + - monitoring.coreos.com resources: - - horizontalpodautoscalers + - podmonitors + - servicemonitors verbs: - create - delete @@ -189,9 +194,9 @@ rules: - update - watch - apiGroups: - - batch + - networking.k8s.io resources: - - jobs + - ingresses verbs: - create - delete @@ -201,10 +206,9 @@ rules: - update - watch - apiGroups: - - cert-manager.io + - policy resources: - - certificates - - issuers + - poddisruptionbudgets verbs: - create - delete @@ -214,9 +218,12 @@ rules: - update - watch - apiGroups: - - coordination.k8s.io + - rbac.authorization.k8s.io resources: - - leases + - clusterrolebindings + - clusterroles + - rolebindings + - roles verbs: - create - delete @@ -225,11 +232,17 @@ rules: - patch - update - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manager + namespace: default +rules: - apiGroups: - - monitoring.coreos.com + - "" resources: - - podmonitors - - servicemonitors + - configmaps verbs: - create - delete @@ -239,34 +252,42 @@ rules: - update - watch - apiGroups: - - networking.k8s.io + - "" resources: - - ingresses + - endpoints + - limitranges + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +- apiGroups: + - "" + resources: + - events verbs: - create - - delete - get - list - patch - - update - - watch - apiGroups: - - policy + - "" resources: - - poddisruptionbudgets + - persistentvolumeclaims verbs: - - create - delete - get - list - patch - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - coordination.k8s.io resources: - - rolebindings - - roles + - leases verbs: - create - delete diff --git a/operator/internal/testenv/testenv.go b/operator/internal/testenv/testenv.go index 850d425a1..158fa7d09 100644 --- a/operator/internal/testenv/testenv.go +++ b/operator/internal/testenv/testenv.go @@ -47,6 +47,7 @@ type Env struct { group *errgroup.Group host *k3d.Cluster config *rest.Config + client client.Client } type Options struct { @@ -118,6 +119,8 @@ func New(t *testing.T, options Options) *Env { require.NoError(t, c.Create(ctx, ns)) + otelClient := otelkube.NewClient(client.NewNamespacedClient(c, ns.Name)) + env := &Env{ t: t, scheme: options.Scheme, @@ -128,11 +131,12 @@ func New(t *testing.T, options Options) *Env { cancel: cancel, host: host, config: config, + client: otelClient, } if !options.SkipVCluster { t.Logf("Executing in namespace '%s' of vCluster '%s'", ns.Name, cluster.Name()) - t.Logf("Connect to vCluster using 'vcluster connect --namespace %s %s -- '", cluster.Name(), cluster.Name()) + t.Logf("Connect to vCluster using 'vcluster connect --namespace %s %s -- bash'", cluster.Name(), cluster.Name()) } else { t.Logf("Executing in namespace '%s'", ns.Name) } @@ -157,12 +161,7 @@ func New(t *testing.T, options Options) *Env { } func (e *Env) Client() client.Client { - c, err := client.New(e.config, client.Options{ - Scheme: e.scheme, - }) - require.NoError(e.t, err) - - return otelkube.NewClient(client.NewNamespacedClient(c, e.namespace.Name)) + return e.client } func (e *Env) Namespace() string { diff --git a/pkg/k3d/k3d.go b/pkg/k3d/k3d.go index 76c48e431..7741695de 100644 --- a/pkg/k3d/k3d.go +++ b/pkg/k3d/k3d.go @@ -254,7 +254,7 @@ func (c *Cluster) RESTConfig() *kube.RESTConfig { return c.restConfig } -func (c *Cluster) ImportImage(image string) error { +func (c *Cluster) ImportImage(images ...string) error { c.mu.Lock() defer c.mu.Unlock() if out, err := exec.Command( @@ -262,7 +262,7 @@ func (c *Cluster) ImportImage(image string) error { "image", "import", fmt.Sprintf("--cluster=%s", c.Name), - image, + strings.Join(images, " "), ).CombinedOutput(); err != nil { return fmt.Errorf("%w: %s", err, out) } diff --git a/pkg/vcluster/vcluster.go b/pkg/vcluster/vcluster.go index f1e4e24ab..9efaea494 100644 --- a/pkg/vcluster/vcluster.go +++ b/pkg/vcluster/vcluster.go @@ -6,9 +6,11 @@ import ( "io" "net" "strings" + "testing" "time" "github.com/cockroachdb/errors" + "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" @@ -16,7 +18,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "github.com/redpanda-data/redpanda-operator/pkg/helm" + "github.com/redpanda-data/redpanda-operator/pkg/k3d" "github.com/redpanda-data/redpanda-operator/pkg/kube" + "github.com/redpanda-data/redpanda-operator/pkg/testutil" ) const ( @@ -35,6 +39,42 @@ type Cluster struct { namespace *corev1.Namespace } +func ForTestInShared(t *testing.T) *Cluster { + cluster, err := NewInShared(t.Context()) + require.NoError(t, err) + + testutil.MaybeCleanup(t, func() { + require.NoError(t, cluster.Delete()) + }) + + return cluster +} + +func ForTest(t *testing.T, host *k3d.Cluster) *Cluster { + cluster, err := New(t.Context(), host.RESTConfig()) + require.NoError(t, err) + + testutil.MaybeCleanup(t, func() { + require.NoError(t, cluster.Delete()) + }) + + return cluster +} + +func NewInShared(ctx context.Context) (*Cluster, error) { + host, err := k3d.GetShared() + if err != nil { + return nil, errors.WithStack(err) + } + + cl, err := New(ctx, host.RESTConfig()) + if err != nil { + return nil, errors.WithStack(err) + } + + return cl, nil +} + func New(ctx context.Context, config *kube.RESTConfig) (*Cluster, error) { ctx, cancel := context.WithTimeoutCause(ctx, 3*time.Minute, errors.New("vCluster creation timed out")) defer cancel()