--- apiVersion: v1 kind: ServiceAccount metadata: name: nats-streaming-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: nats-streaming-operator-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nats-streaming-operator subjects: - kind: ServiceAccount name: nats-streaming-operator namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: nats-streaming-operator rules: # Allow creating CRDs - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: ["*"] # Allow all actions on NatsClusters - apiGroups: - nats.io resources: - natsclusters - natsserviceroles verbs: ["*"] # Allow all actions on NatsStreamingClusters - apiGroups: - streaming.nats.io resources: - natsstreamingclusters - natsstreamingclusters/finalizers verbs: ["*"] # Allow actions on basic Kubernetes objects - apiGroups: [""] resources: - configmaps - secrets - pods - services - serviceaccounts - serviceaccounts/token - endpoints - events verbs: ["*"]