Path: blob/main/install/installer/pkg/components/ws-daemon/clusterrole.go
2501 views
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.1// Licensed under the GNU Affero General Public License (AGPL).2// See License.AGPL.txt in the project root for license information.34package wsdaemon56import (7"fmt"89"github.com/gitpod-io/gitpod/installer/pkg/common"1011rbacv1 "k8s.io/api/rbac/v1"12metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"13"k8s.io/apimachinery/pkg/runtime"14)1516func clusterrole(ctx *common.RenderContext) ([]runtime.Object, error) {17labels := common.DefaultLabels(Component)1819return []runtime.Object{20&rbacv1.ClusterRole{21TypeMeta: common.TypeMetaClusterRole,22ObjectMeta: metav1.ObjectMeta{23Name: fmt.Sprintf("%s-ns-%s", ctx.Namespace, Component),24Labels: labels,25},26Rules: []rbacv1.PolicyRule{27{28APIGroups: []string{""},29Resources: []string{"nodes"},30Verbs: []string{"get", "list", "update", "patch"},31},32{33APIGroups: []string{""},34Resources: []string{"pods", "services"},35Verbs: []string{"get", "list", "watch"},36},37{38APIGroups: []string{""},39Resources: []string{"pods"},40Verbs: []string{"delete", "update", "patch"},41},42{43APIGroups: []string{"workspace.gitpod.io"},44Resources: []string{"workspaces"},45Verbs: []string{46"get",47"list",48"watch",49},50},51{52APIGroups: []string{"workspace.gitpod.io"},53Resources: []string{"workspaces/status"},54Verbs: []string{55"get",56"patch",57"update",58},59},60{61APIGroups: []string{"workspace.gitpod.io"},62Resources: []string{"snapshots"},63Verbs: []string{64"get",65"list",66"watch",67},68},69{70APIGroups: []string{"workspace.gitpod.io"},71Resources: []string{"snapshots/status"},72Verbs: []string{73"get",74"patch",75"update",76},77},78{79APIGroups: []string{""},80Resources: []string{"events"},81Verbs: []string{82"create",83"patch",84},85},86},87},88}, nil89}909192