--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: grafana-operator-permissions rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - "" resources: - configmaps - persistentvolumeclaims - secrets - serviceaccounts - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - events verbs: - create - get - list - patch - watch - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - grafana.integreatly.org resources: - grafanadashboards verbs: - create - delete - get - list - patch - update - watch - apiGroups: - grafana.integreatly.org resources: - grafanadashboards/finalizers verbs: - update - apiGroups: - grafana.integreatly.org resources: - grafanadashboards/status verbs: - get - patch - update - apiGroups: - grafana.integreatly.org resources: - grafanadatasources verbs: - create - delete - get - list - patch - update - watch - apiGroups: - grafana.integreatly.org resources: - grafanadatasources/finalizers verbs: - update - apiGroups: - grafana.integreatly.org resources: - grafanadatasources/status verbs: - get - patch - update - apiGroups: - grafana.integreatly.org resources: - grafanafolders verbs: - create - delete - get - list - patch - update - watch - apiGroups: - grafana.integreatly.org resources: - grafanafolders/finalizers verbs: - update - apiGroups: - grafana.integreatly.org resources: - grafanafolders/status verbs: - get - patch - update - apiGroups: - grafana.integreatly.org resources: - grafanas verbs: - create - delete - get - list - patch - update - watch - apiGroups: - grafana.integreatly.org resources: - grafanas/finalizers verbs: - update - apiGroups: - grafana.integreatly.org resources: - grafanas/status verbs: - get - patch - update - apiGroups: - networking.k8s.io resources: - ingresses verbs: - create - delete - get - list - patch - update - watch - apiGroups: - route.openshift.io resources: - routes verbs: - create - delete - get - list - update - watch - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: grafana-operator-permissions subjects: - kind: ServiceAccount name: grafana-operator-controller-manager namespace: grafana roleRef: kind: ClusterRole name: grafana-operator-permissions apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: grafana-operator-controller-manager namespace: grafana automountServiceAccountToken: true