Cluster Role

{{- if .Values.clusterRole.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "tor-operator.clusterRoleName" . }}
  labels:
    {{- include "tor-operator.labels" . | nindent 4 }}
  {{- with .Values.clusterRole.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
rules:
  # used by OnionBalance
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionbalances"]
    verbs: ["list", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionbalances/status"]
    verbs: ["patch"]
  # used by OnionKeys
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionkeys"]
    verbs: ["list", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionkeys/status"]
    verbs: ["patch"]
  # used by OnionService
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionservices"]
    verbs: ["list", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionservices/status"]
    verbs: ["patch"]
  # used by TorIngress
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["onionbalances", "onionkeys", "onionservices"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["toringresses"]
    verbs: ["list", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["toringresses/status"]
    verbs: ["patch"]
  # used by TorProxy
  - apiGroups: [""]
    resources: ["configmaps", "services"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["create", "delete", "get", "list", "patch", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["torproxies"]
    verbs: ["list", "watch"]
  - apiGroups: ["tor.agabani.co.uk"]
    resources: ["torproxies/status"]
    verbs: ["patch"]
{{- end }}