amplify-fusion/templates/fusion-operator/role.yaml

{{- if  and .Values.fusionOperator.enabled (eq (include "parent.dataplaneMode" . ) "shared") }}
{{- if ( and .Values.fusionOperator.serviceAccount.enabled ( not .Values.fusionOperator.serviceAccount.preexisting ) ) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ template "fusionOperator.name" . }}-role
rules:
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - create
      - delete
      - get
      - list
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - deployments/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - delete
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
    # Rules for managing Roles and RoleBindings (RBAC)
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch

    # Rules for managing ServiceAccounts
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch

    # Rules for managing PodDisruptionBudget (PDB)
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - operator.fusion.axway.com
    resources:
      - orchestrators
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - operator.fusion.axway.com
    resources:
      - orchestrators/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - autoscaling
    resources:
      - horizontalpodautoscalers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  {{- if .Values.fusionOperator.leaderElection.enabled }}
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
  {{- end }}
  - apiGroups: ["apiextensions.k8s.io"]
    resources:
      - customresourcedefinitions
    verbs:
      - delete
      - create
      - update
      - get
      - list
      - watch
  {{- end }}
{{- end }}