public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge e2bfe87ac0 into 1af4c50ed0

This commit is contained in:
Joel Gotsch 2025-10-21 15:02:30 +02:00 committed by GitHub
parent 1af4c50ed0 e2bfe87ac0
commit 050705ba4b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
manifests/operator-service-account-rbac-openshift.yaml
View File

@ -59,6 +59,20 @@ rules:
- get - get
- patch - patch
- update - update
# to create endpoints to services
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
# to read configuration and manage ConfigMaps used by Patroni # to read configuration and manage ConfigMaps used by Patroni
- apiGroups: - apiGroups:
- "" - ""
@ -242,6 +256,40 @@ kind: ClusterRole
metadata: metadata:
name: postgres-pod name: postgres-pod
rules: rules:
# to create endpoints to services
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- apiGroups: [""]
resources:
- events # Patroni may log to events
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups: ["coordination.k8s.io"]
resources:
- leases # Only if Patroni tries to use K8s Leases
verbs:
- create
- get
- list
- update
- delete
- watch
- patch
# Patroni needs to watch and manage config maps # Patroni needs to watch and manage config maps
- apiGroups: - apiGroups:
- "" - ""
@ -274,6 +322,15 @@ rules:
- services - services
verbs: verbs:
- create - create
# to check nodes for node readiness label
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
# to grant privilege to run privileged pods (not needed by default) # to grant privilege to run privileged pods (not needed by default)
#- apiGroups: #- apiGroups:
# - extensions # - extensions