patroni's policy rules

apecloud · Nov 29, 2024 · 17a4490 · 17a4490
1 parent 014bc19
commit 17a4490
Show file tree

Hide file tree

Showing 4 changed files with 156 additions and 0 deletions.
diff --git a/addons/postgresql/templates/componentdefinition-12.yaml b/addons/postgresql/templates/componentdefinition-12.yaml
@@ -214,6 +214,45 @@ spec:
             value: $(POSTGRES_PASSWORD)
         targetPodSelector: Role
         matchingKey: primary
+  policyRules:
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - get
+      - patch
+      - update
+      - create
+      - list
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
   runtime:
     securityContext:
       runAsUser: 0

diff --git a/addons/postgresql/templates/componentdefinition-14.yaml b/addons/postgresql/templates/componentdefinition-14.yaml
@@ -214,6 +214,45 @@ spec:
             value: $(POSTGRES_PASSWORD)
         targetPodSelector: Role
         matchingKey: primary
+  policyRules:
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - get
+      - patch
+      - update
+      - create
+      - list
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
   runtime:
     securityContext:
       runAsUser: 0

diff --git a/addons/postgresql/templates/componentdefinition-15.yaml b/addons/postgresql/templates/componentdefinition-15.yaml
@@ -214,6 +214,45 @@ spec:
             value: $(POSTGRES_PASSWORD)
         targetPodSelector: Role
         matchingKey: primary
+  policyRules:
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - get
+      - patch
+      - update
+      - create
+      - list
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
   runtime:
     securityContext:
       runAsUser: 0

diff --git a/addons/postgresql/templates/componentdefinition-16.yaml b/addons/postgresql/templates/componentdefinition-16.yaml
@@ -214,6 +214,45 @@ spec:
             value: $(POSTGRES_PASSWORD)
         targetPodSelector: Role
         matchingKey: primary
+  policyRules:
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - get
+      - patch
+      - update
+      - create
+      - list
+      - watch
+      # delete is required only for 'patronictl remove'
+      - delete
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
   runtime:
     securityContext:
       runAsUser: 0