{{- /*
Namespaced RBAC Role for the fusion operator.

Rendered only when all of the following hold:
  - .Values.fusionOperator.enabled is true
  - the "parent.dataplaneMode" helper returns "shared"
  - .Values.fusionOperator.serviceAccount.enabled is true
  - .Values.fusionOperator.serviceAccount.preexisting is false

metadata.namespace is not set here, so the Role is created in whichever
namespace the manifest is applied to (presumably the Helm release namespace).
This template does not bind the Role to any subject; the RoleBinding is
expected to live elsewhere in the chart.
*/ -}}
{{- if and .Values.fusionOperator.enabled (eq (include "parent.dataplaneMode" . ) "shared") }}
{{- if ( and .Values.fusionOperator.serviceAccount.enabled ( not .Values.fusionOperator.serviceAccount.preexisting ) ) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ template "fusionOperator.name" . }}-role
rules:
  # Workloads: full lifecycle on Deployments (no patch verb is granted).
  # Together with the ServiceAccount rule further down, a subject holding this
  # Role can start workloads under any ServiceAccount in the namespace, so
  # keep unrelated privileged ServiceAccounts out of this namespace.
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - create
      - delete
      - get
      - list
      - update
      - watch
  # Status subresource of Deployments: read and write only.
  - apiGroups:
      - apps
    resources:
      - deployments/status
    verbs:
      - get
      - patch
      - update
  # ConfigMaps in the core API group (no patch verb is granted).
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - delete
      - get
      - list
      - update
      - watch
  # Services in the core API group.
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Rules for managing Roles and RoleBindings (RBAC)
  # Security-sensitive: write access to RBAC objects. The `escalate` and `bind`
  # verbs are not granted, so the API server's escalation check limits the
  # operator to handing out permissions it already holds through this Role.
  # It can still delegate every permission listed in this file to other
  # subjects in the namespace, so changes to Roles and RoleBindings made by the
  # operator's ServiceAccount are worth covering in audit logging.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Rules for managing ServiceAccounts
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Rules for managing PodDisruptionBudget (PDB)
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # The operator's own custom resource (orchestrators) and its status
  # subresource in the operator.fusion.axway.com API group.
  - apiGroups:
      - operator.fusion.axway.com
    resources:
      - orchestrators
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - operator.fusion.axway.com
    resources:
      - orchestrators/status
    verbs:
      - get
      - patch
      - update
  # HorizontalPodAutoscalers.
  - apiGroups:
      - autoscaling
    resources:
      - horizontalpodautoscalers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
{{- if .Values.fusionOperator.leaderElection.enabled }}
  # Leader election: Lease objects plus Event creation, granted only when
  # .Values.fusionOperator.leaderElection.enabled is true.
  # NOTE(review): the Lease rule has no resourceNames, so it covers every Lease
  # in the namespace. If the operator uses a fixed lease name, consider
  # restricting get/update/patch/delete to it - confirm against the operator.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
{{- end }}
  # NOTE(review): CustomResourceDefinitions are cluster-scoped, and a namespaced
  # Role does not grant access to cluster-scoped resources, so this rule is
  # expected to have no effect. If the operator really has to manage CRDs, that
  # requires a ClusterRole and ClusterRoleBinding (ideally limited with
  # resourceNames to its own CRD); otherwise the rule can be dropped. Confirm
  # which one is intended.
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
      - delete
      - get
      - list
      - update
      - watch
{{- end }}
{{- end }}