Enclosing class:: CSVMetadata

public static @interface CSVMetadata.PermissionRule

Additional RBAC rules that need to be provided because they cannot be inferred automatically. Note that RBAC rules added to your reconciler via RBACRule should already be handled automatically, under the service account name associated with your Reconciler so this annotation should only be used to add additional rules to other service accounts or for rules that you don't want to appear in the generated Kubernetes manifests.

Required Element Summary

Required Elements

Modifier and Type

Required Element

Description

String[]

apiGroups

String[]

resources
Optional Element Summary

Optional Elements

Modifier and Type

Optional Element

Description

String

serviceAccountName

String[]

verbs

Element Details
- apiGroups
  
  String[] apiGroups
- resources
  
  String[] resources
- verbs
  
  String[] verbs
  
  Default:
  
  {"get", "list", "watch", "create", "delete", "patch", "update"}
- serviceAccountName
  
  String serviceAccountName
  
  Returns:
  
  the service account name to which the permission rule will be assigned. If not provided, the default service account name as defined for your operator will be used. Note that for the rule to be effectively added to the CSV, a service account with that name must exist in the generated kubernetes manifests as this is the base upon which the bundle generator works. This means that if you add a rule that targets a service account that is not present in the generated manifest, then this rule won't appear in the generated CSV.
  
  Default:
  
  ""

Annotation Interface CSVMetadata.PermissionRule

Required Element Summary

Optional Element Summary

Element Details

apiGroups

resources

verbs

serviceAccountName