theshire/kubernetes/apps/kubevirt/manager/app/rbac.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubevirt-manager
rules:
  - apiGroups: [""]
    resources: ["nodes", "namespaces"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims", "persistentvolumes", "services", "secrets", "serviceaccounts", "configmaps", "deployments"]
    verbs: ["*"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["rolebindings"]
    verbs: ["*"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["*"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list"]
  - apiGroups: ["k8s.cni.cncf.io"]
    resources: ["network-attachment-definitions"]
    verbs: ["get", "list"]
  - apiGroups: ["kubevirt.io"]
    resources: ["virtualmachines", "virtualmachineinstances"]
    verbs: ["*"]
  - apiGroups: ["subresources.kubevirt.io"]
    resources: ["*"]
    verbs: ["get", "list", "update", "patch"]
  - apiGroups: ["instancetype.kubevirt.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["cdi.kubevirt.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["pool.kubevirt.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["scheduling.k8s.io"]
    resources: ["priorityclasses"]
    verbs: ["get", "list"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["*"]
  - apiGroups: ["cluster.x-k8s.io"]
    resources: ["clusters", "machinedeployments"]
    verbs: ["*"]
  - apiGroups: ["controlplane.cluster.x-k8s.io"]
    resources: ["kubeadmcontrolplanes"]
    verbs: ["*"]
  - apiGroups: ["infrastructure.cluster.x-k8s.io"]
    resources: ["kubevirtmachinetemplates", "kubevirtclusters"]
    verbs: ["*"]
  - apiGroups: ["bootstrap.cluster.x-k8s.io"]
    resources: ["kubeadmconfigtemplates"]
    verbs: ["*"]
  - apiGroups: ["addons.cluster.x-k8s.io"]
    resources: ["clusterresourcesets"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubevirt-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-manager
subjects:
  - kind: ServiceAccount
    name: kubevirt-manager
    namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubevirt-manager-kccm
rules:
  - apiGroups: ["kubevirt.io"]
    resources: ["virtualmachines"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["kubevirt.io"]
    resources: ["virtualmachineinstances"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubevirt-manager-kccm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-manager-kccm
subjects:
  - kind: ServiceAccount
    name: kubevirt-manager
    namespace: kubevirt
Adding kubevirt-manager. 2024-05-22 13:46:59 -05:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: kubevirt-manager`
			`rules:`
			`- apiGroups: [""]`
			`resources: ["nodes", "namespaces"]`
			`verbs: ["get", "list"]`
			`- apiGroups: [""]`
			`resources: ["customresourcedefinitions"]`
			`verbs: ["get", "list"]`
			`- apiGroups: [""]`
			`resources: ["persistentvolumeclaims", "persistentvolumes", "services", "secrets", "serviceaccounts", "configmaps", "deployments"]`
			`verbs: ["*"]`
			`- apiGroups: ["rbac.authorization.k8s.io"]`
			`resources: ["rolebindings"]`
			`verbs: ["*"]`
			`- apiGroups: ["apps"]`
			`resources: ["deployments"]`
			`verbs: ["*"]`
			`- apiGroups: ["storage.k8s.io"]`
			`resources: ["storageclasses"]`
			`verbs: ["get", "list"]`
			`- apiGroups: ["apiextensions.k8s.io"]`
			`resources: ["customresourcedefinitions"]`
			`verbs: ["get", "list"]`
			`- apiGroups: ["k8s.cni.cncf.io"]`
			`resources: ["network-attachment-definitions"]`
			`verbs: ["get", "list"]`
			`- apiGroups: ["kubevirt.io"]`
			`resources: ["virtualmachines", "virtualmachineinstances"]`
			`verbs: ["*"]`
			`- apiGroups: ["subresources.kubevirt.io"]`
			`resources: ["*"]`
			`verbs: ["get", "list", "update", "patch"]`
			`- apiGroups: ["instancetype.kubevirt.io"]`
			`resources: ["*"]`
			`verbs: ["*"]`
			`- apiGroups: ["cdi.kubevirt.io"]`
			`resources: ["*"]`
			`verbs: ["*"]`
			`- apiGroups: ["pool.kubevirt.io"]`
			`resources: ["*"]`
			`verbs: ["*"]`
			`- apiGroups: ["scheduling.k8s.io"]`
			`resources: ["priorityclasses"]`
			`verbs: ["get", "list"]`
			`- apiGroups: ["autoscaling"]`
			`resources: ["horizontalpodautoscalers"]`
			`verbs: ["*"]`
			`- apiGroups: ["cluster.x-k8s.io"]`
			`resources: ["clusters", "machinedeployments"]`
			`verbs: ["*"]`
			`- apiGroups: ["controlplane.cluster.x-k8s.io"]`
			`resources: ["kubeadmcontrolplanes"]`
			`verbs: ["*"]`
			`- apiGroups: ["infrastructure.cluster.x-k8s.io"]`
			`resources: ["kubevirtmachinetemplates", "kubevirtclusters"]`
			`verbs: ["*"]`
			`- apiGroups: ["bootstrap.cluster.x-k8s.io"]`
			`resources: ["kubeadmconfigtemplates"]`
			`verbs: ["*"]`
			`- apiGroups: ["addons.cluster.x-k8s.io"]`
			`resources: ["clusterresourcesets"]`
			`verbs: ["*"]`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: kubevirt-manager`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: kubevirt-manager`
			`subjects:`
			`- kind: ServiceAccount`
			`name: kubevirt-manager`
			`namespace: kubevirt`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: kubevirt-manager-kccm`
			`rules:`
			`- apiGroups: ["kubevirt.io"]`
			`resources: ["virtualmachines"]`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["kubevirt.io"]`
			`resources: ["virtualmachineinstances"]`
			`verbs: ["get", "list", "watch", "update"]`
			`- apiGroups: [""]`
			`resources: ["pods"]`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: [""]`
			`resources: ["services"]`
			`verbs: ["*"]`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: kubevirt-manager-kccm`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: kubevirt-manager-kccm`
			`subjects:`
			`- kind: ServiceAccount`
			`name: kubevirt-manager`
			`namespace: kubevirt`