--- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: redis-enterprise-operator rules: - apiGroups: ["rbac.authorization.k8s.io", ""] resources: ["roles", "serviceaccounts", "rolebindings"] verbs: ["*"] - apiGroups: - app.redislabs.com resources: - "*" verbs: - "*" - apiGroups: [""] resources: ["secrets"] verbs: ["*"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] resources: ["deployments", "statefulsets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["create", "delete", "get"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["create", "delete", "get" , "update"] # needed rbac rules for services controller - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list", "update", "patch"] - apiGroups: [""] resources: ["services"] verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] - apiGroups: - route.openshift.io resources: ["routes", "routes/custom-host"] verbs: ["*"] - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: - redis-enterprise-psp verbs: - use - apiGroups: ["extensions"] resources: ["ingresses"] verbs: ["*"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: redis-enterprise-operator subjects: - kind: ServiceAccount name: redis-enterprise-operator roleRef: kind: Role name: redis-enterprise-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: redis-enterprise-operator --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: redisenterpriseclusters.app.redislabs.com spec: group: app.redislabs.com names: kind: RedisEnterpriseCluster listKind: RedisEnterpriseClusterList plural: redisenterpriseclusters singular: redisenterprisecluster shortNames: - rec subresources: status: {} scope: Namespaced version: v1 versions: - name: v1 served: true storage: false - name: v1alpha1 served: true storage: true --- apiVersion: apps/v1 kind: Deployment metadata: name: redis-enterprise-operator spec: replicas: 1 selector: matchLabels: name: redis-enterprise-operator template: metadata: labels: name: redis-enterprise-operator spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator image: redislabs/operator:6.0.8-1 command: - redis-enterprise-operator imagePullPolicy: Always env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME value: "redis-enterprise-operator" - name: DATABASE_CONTROLLER_ENABLED value: "true" resources: limits: cpu: 4000m memory: 512Mi requests: cpu: 500m memory: 256Mi --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: redisenterprisedatabases.app.redislabs.com spec: group: app.redislabs.com names: kind: RedisEnterpriseDatabase listKind: RedisEnterpriseDatabaseList plural: redisenterprisedatabases singular: redisenterprisedatabase shortNames: - redb scope: Namespaced subresources: status: {} version: v1alpha1 versions: - name: v1alpha1 served: true storage: true ---