-
Notifications
You must be signed in to change notification settings - Fork 1.9k
/
Copy pathargo-rollouts-role.yaml
147 lines (147 loc) · 2.35 KB
/
argo-rollouts-role.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-role
labels:
app.kubernetes.io/component: {{ .Values.controller.component }}
app.kubernetes.io/name: {{ .Release.Name }}-role
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- argoproj.io
resources:
- rollouts
- rollouts/status
- rollouts/finalizers
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- analysisruns
- analysisruns/finalizers
- experiments
- experiments/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
- watch
# replicaset access needed for managing ReplicaSets
- apiGroups:
- apps
resources:
- replicasets
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# services patch needed to update selector of canary/stable/active/preview services
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- patch
# secret read access to run analysis templates which reference secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
# pod list/update needed for updating ephemeral data
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- update
# pods eviction needed for restart
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
# event write needed for emitting events
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
# ingress patch needed for managing ingress annotations, create needed for nginx canary
- apiGroups:
- networking.k8s.io
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- patch
# job access needed for analysis template job metrics
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
# virtualservice access needed for using the Istio provider
- apiGroups:
- networking.istio.io
resources:
- virtualservices
verbs:
- watch
- get
- update
- list
# trafficsplit access needed for using the SMI provider
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch