- batch
- extensions
resources:
+ - endpoints
+ - services
+ - nodes
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself