Skip to content

Commit 171b160

Browse files
NickLarsenNZNickLarsenNZ
committed
chore: Split the roles.yaml into separate files for clusterrole-operator.yaml and clusterrole-product.yaml
1 parent 3b11050 commit 171b160

2 files changed

Lines changed: 43 additions & 43 deletions

File tree

deploy/helm/nifi-operator/templates/roles.yaml renamed to deploy/helm/nifi-operator/templates/clusterrole-operator.yaml

Lines changed: 1 addition & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
---
12
apiVersion: rbac.authorization.k8s.io/v1
23
kind: ClusterRole
34
metadata:
@@ -163,46 +164,3 @@ rules:
163164
- get
164165
- list
165166
- watch
166-
167-
---
168-
apiVersion: rbac.authorization.k8s.io/v1
169-
kind: ClusterRole
170-
metadata:
171-
name: {{ include "operator.name" . }}-clusterrole
172-
labels:
173-
{{- include "operator.labels" . | nindent 4 }}
174-
rules:
175-
# Required for Kubernetes-managed clustering, see https://nifi.apache.org/nifi-docs/administration-guide.html#kubernetes-clustering
176-
- apiGroups:
177-
- coordination.k8s.io
178-
resources:
179-
- leases
180-
verbs:
181-
- create
182-
- get
183-
- update
184-
# undocumented but required
185-
- patch
186-
# Required for Kubernetes cluster state provider, see https://nifi.apache.org/nifi-docs/administration-guide.html#kubernetes-configmap-cluster-state-provider
187-
- apiGroups:
188-
- ""
189-
resources:
190-
- configmaps
191-
verbs:
192-
- create
193-
- delete
194-
- get
195-
- list
196-
- patch
197-
- update
198-
{{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
199-
# Required to use the nonroot-v2 SCC on OpenShift
200-
- apiGroups:
201-
- security.openshift.io
202-
resources:
203-
- securitycontextconstraints
204-
resourceNames:
205-
- nonroot-v2
206-
verbs:
207-
- use
208-
{{ end }}

deploy/helm/nifi-operator/templates/clusterrole-product.yaml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
---
2+
apiVersion: rbac.authorization.k8s.io/v1
3+
kind: ClusterRole
4+
metadata:
5+
name: {{ include "operator.name" . }}-clusterrole
6+
labels:
7+
{{- include "operator.labels" . | nindent 4 }}
8+
rules:
9+
# Required for Kubernetes-managed clustering, see https://nifi.apache.org/nifi-docs/administration-guide.html#kubernetes-clustering
10+
- apiGroups:
11+
- coordination.k8s.io
12+
resources:
13+
- leases
14+
verbs:
15+
- create
16+
- get
17+
- update
18+
# undocumented but required
19+
- patch
20+
# Required for Kubernetes cluster state provider, see https://nifi.apache.org/nifi-docs/administration-guide.html#kubernetes-configmap-cluster-state-provider
21+
- apiGroups:
22+
- ""
23+
resources:
24+
- configmaps
25+
verbs:
26+
- create
27+
- delete
28+
- get
29+
- list
30+
- patch
31+
- update
32+
{{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
33+
# Required to use the nonroot-v2 SCC on OpenShift
34+
- apiGroups:
35+
- security.openshift.io
36+
resources:
37+
- securitycontextconstraints
38+
resourceNames:
39+
- nonroot-v2
40+
verbs:
41+
- use
42+
{{ end }}

0 commit comments

Comments
 (0)