From 110ae6da8d80b63a068f4537383e775d958cf9a9 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 14 Apr 2018 02:09:54 +0200
Subject: Provide support for global OpenShift resources (ClusterRoles, etc.)

---
 setup/projects/openshift/templates/maintain.yml.j2 | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 setup/projects/openshift/templates/maintain.yml.j2

(limited to 'setup/projects/openshift/templates')

diff --git a/setup/projects/openshift/templates/maintain.yml.j2 b/setup/projects/openshift/templates/maintain.yml.j2
new file mode 100644
index 0000000..41017a5
--- /dev/null
+++ b/setup/projects/openshift/templates/maintain.yml.j2
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+  annotations:
+    openshift.io/description: A user that can create and edit most objects in a project,
+      but can not update the project's membership.
+    openshift.io/reconcile-protect: "false"
+  creationTimestamp: null
+  name: kaas-maintain
+rules:
+- resources:
+  - pods/exec
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- resources:
+  - replicationcontrollers/scale
+  - deploymentconfigs/scale
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
-- 
cgit v1.2.3