init

config/rbac/kustomization.yaml

@@ -18,3 +18,10 @@ resources:
 - metrics_auth_role.yaml
 - metrics_auth_role_binding.yaml
 - metrics_reader_role.yaml
+# For each CRD, "Editor" and "Viewer" roles are scaffolded by
+# default, aiding admins in cluster management. Those roles are
+# not used by the Project itself. You can comment the following lines
+# if you do not want those helpers be installed with your Project.
+- servermanager_editor_role.yaml
+- servermanager_viewer_role.yaml
+

config/rbac/role.yaml

@@ -1,11 +1,32 @@
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels:
-    app.kubernetes.io/name: kubernetes-operator
-    app.kubernetes.io/managed-by: kustomize
   name: manager-role
 rules:
-- apiGroups: [""]
-  resources: ["pods"]
-  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers/status
+  verbs:
+  - get
+  - patch
+  - update

config/rbac/servermanager_editor_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to edit servermanagers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kubernetes-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: servermanager-editor-role
+rules:
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers/status
+  verbs:
+  - get

config/rbac/servermanager_viewer_role.yaml

@@ -0,0 +1,23 @@
+# permissions for end users to view servermanagers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kubernetes-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: servermanager-viewer-role
+rules:
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - server-manager.acooldomain.co
+  resources:
+  - servermanagers/status
+  verbs:
+  - get