Update RBAC
This commit is contained in:
Sergey Dudoladov
parent
5d44904d14
commit
a44da934e6
|
|
@ -351,3 +351,5 @@ The operator can manage k8s cron jobs to do periodic logical backups of all PG c
|
||||||
2. Due to the [limitation of Kubernetes cron jobs](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-job-limitations) it is highly advisable to set up additional monitoring for this feature; such monitoring is outside of the scope of operator responsibilities.
|
2. Due to the [limitation of Kubernetes cron jobs](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-job-limitations) it is highly advisable to set up additional monitoring for this feature; such monitoring is outside of the scope of operator responsibilities.
|
||||||
|
|
||||||
3. The operator does not remove old backups.
|
3. The operator does not remove old backups.
|
||||||
|
|
||||||
|
For that feature to work, your RBAC policy must enable operations on the `cronjobs` resource from the `batch` API group for the operator service account.
|
||||||
|
|
@ -139,7 +139,16 @@ rules:
|
||||||
- bind
|
- bind
|
||||||
resourceNames:
|
resourceNames:
|
||||||
- zalando-postgres-operator
|
- zalando-postgres-operator
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- cronjobs # enables logical backups
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue