helm/korifi/api/role.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: korifi-api-system-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- korifi.cloudfoundry.org
resources:
- cfapps
- cfbuilds
- cfpackages
- cfprocesses
- cfspaces
- cftasks
verbs:
- list
- apiGroups:
- korifi.cloudfoundry.org
resources:
- cfdomains
- cfroutes
verbs:
- list
- apiGroups:
- korifi.cloudfoundry.org
resources:
- cfservicebindings
- cfserviceinstances
verbs:
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: korifi-api-system-role
namespace: '{{ .Values.rootNamespace }}'
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get