Path: blob/main/install/installer/pkg/components/node-labeler/role.go
2501 views
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.1// Licensed under the GNU Affero General Public License (AGPL).2// See License.AGPL.txt in the project root for license information.34package wsmanager56import (7"github.com/gitpod-io/gitpod/installer/pkg/common"89rbacv1 "k8s.io/api/rbac/v1"10metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"11"k8s.io/apimachinery/pkg/runtime"12)1314func role(ctx *common.RenderContext) ([]runtime.Object, error) {15labels := common.DefaultLabels(Component)1617return []runtime.Object{18&rbacv1.ClusterRole{19TypeMeta: common.TypeMetaClusterRole,20ObjectMeta: metav1.ObjectMeta{21Name: Component,22Namespace: ctx.Namespace,23Labels: labels,24},25Rules: []rbacv1.PolicyRule{26{27APIGroups: []string{""},28Resources: []string{29"nodes",30},31Verbs: []string{32"get",33"list",34"watch",35"update",36"patch",37},38},39{40APIGroups: []string{""},41Resources: []string{42"pods",43},44Verbs: []string{45"get",46"list",47"watch",48},49},50// permissions required for the WorkspaceCountController51{52APIGroups: []string{"workspace.gitpod.io"},53Resources: []string{"workspaces"},54Verbs: []string{55"get",56"list",57"watch",58},59},60// ConfigMap, Leases, and Events access is required for leader-election.61{62APIGroups: []string{""},63Resources: []string{"configmaps"},64Verbs: []string{65"create",66"delete",67"get",68"list",69"patch",70"update",71"watch",72},73},74{75APIGroups: []string{"coordination.k8s.io"},76Resources: []string{"leases"},77Verbs: []string{78"create",79"delete",80"get",81"list",82"patch",83"update",84"watch",85},86},87{88APIGroups: []string{""},89Resources: []string{"events"},90Verbs: []string{91"create",92"patch",93},94},95},96},97}, nil98}99100101