Dynamic Admission Controller RBAC Settings
The admission controller requires read-only access to several resource types in order to function.
- couchbase.com/couchbasebuckets
- couchbase.com/couchbaseephemeralbuckets
- couchbase.com/couchbasememcachedbuckets
- couchbase.com/couchbasereplications
- couchbase.com/couchbaseusers
- couchbase.com/couchbasegroups
- couchbase.com/couchbaseroles
- couchbase.com/couchbaserolebindings
- couchbase.com/couchbasebackups
- couchbase.com/couchbasebackuprestores
-
Used by the DAC to collect resources associated with a
CouchbaseCluster
. The DAC ensures — when considered as a whole — the configuration is valid for the Couchbase cluster.Required Permissions:
list
- namespaces
-
Used the the DAC to lookup the namespace a cluster is running in. This is used on determine whether the cluster is running on Red Hat OpenShift. This information is used to determine correct defaults for the platform.
Required Permissions:
get
- secrets
-
Used by the DAC to look for secrets references in the
CouchbaseCluster
specification. It will ensure that the username and password secrets exist. It will ensure that, if specified, the TLS secrets are present and correct, and are valid for the cluster.Required Permissions:
get
- storage.k8s.io/storageclasses
-
Used by the DAC to look for storage class references in the
CouchbaseCluster
specification. It will ensure that, if present, any storage class templates reference existing storage classes.Required Permissions:
get
|