entity-role.yaml

{{- if not (index .Values "strimzi-kafka-operator" "createGlobalResources") -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: strimzi-entity-operator-namespaced
  labels:
    app: {{ template "theodolite.name" . }}-strimzi
rules:
- apiGroups:
  - "kafka.strimzi.io"
  resources:
    # The entity operator runs the KafkaTopic assembly operator, which needs to access and manage KafkaTopic resources
  - kafkatopics
  - kafkatopics/status
  # The entity operator runs the KafkaUser assembly operator, which needs to access and manage KafkaUser resources
  - kafkausers
  - kafkausers/status
  verbs:
  - get
  - list
  - watch
  - create
  - patch
  - update
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
    # The entity operator needs to be able to create events
  - create
- apiGroups:
  - ""
  resources:
    # The entity operator user-operator needs to access and manage secrets to store generated credentials
  - secrets
  verbs:
  - get
  - list
  - watch
  - create
  - delete
  - patch
  - update
{{- end }}