Merge e2bfe87ac0 into 1af4c50ed0

manifests/operator-service-account-rbac-openshift.yaml

@@ -59,6 +59,20 @@ rules:
   - get
   - patch
   - update
+# to create endpoints to services
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
 # to read configuration and manage ConfigMaps used by Patroni
 - apiGroups:
   - ""
@@ -242,6 +256,40 @@ kind: ClusterRole
 metadata:
   name: postgres-pod
 rules:
+# to create endpoints to services
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+- apiGroups: [""]
+  resources:
+    - events  # Patroni may log to events
+  verbs:
+    - create
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups: ["coordination.k8s.io"]
+  resources:
+    - leases  # Only if Patroni tries to use K8s Leases
+  verbs:
+    - create
+    - get
+    - list
+    - update
+    - delete
+    - watch
+    - patch
 # Patroni needs to watch and manage config maps
 - apiGroups:
   - ""
@@ -274,6 +322,15 @@ rules:
   - services
   verbs:
   - create
+  # to check nodes for node readiness label
+- apiGroups:
+    - ""
+  resources:
+    - nodes
+  verbs:
+    - get
+    - list
+    - watch
 # to grant privilege to run privileged pods (not needed by default)
 #- apiGroups:
 #  - extensions