Cluster-scoped permissions required by the IBM MQ Operator
The IBM® MQ Operator requires cluster-scoped permissions to manage admission webhooks and samples, and to read storage class and cluster version information.
The IBM MQ Operator requires the following cluster-scoped permissions:
- Permission to manage admission webhooks. This allows creating, retrieving, and updating specific webhooks that are used in the process of creating and managing containers provided by the Operator.
  - API Groups: admissionregistration.k8s.io
  - Resources: validatingwebhookconfigurations
  - Verbs: create, get, update
- Permission to create and manage resources that are used in the Red Hat® OpenShift® console to provide samples and snippets when creating custom resources.
  - API Groups: console.openshift.io
  - Resources: consoleyamlsamples
  - Verbs: create, get, update, delete
- Permission to read the cluster version. This allows the Operator to feed back any issues with the cluster environment.
  - API Groups: config.openshift.io
  - Resources: clusterversions
  - Verbs: get, list, watch
- Permission to read storage classes on the cluster. This allows the Operator to feed back any issues with selected storage classes in containers.
  - API Groups: storage.k8s.io
  - Resources: storageclasses
  - Verbs: get, list
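
The list above can serve as a least-privilege baseline when reviewing what an installed operator role actually grants. The following Python audit is an added example, not IBM's or the Operator's own code: it compares the rules of a ClusterRole (in the JSON shape returned by `kubectl get clusterrole <name> -o json`) against the documented permissions and reports excess and missing grants. The role name `example-mq-operator-role`, the sample rules, and the function names are constructed for illustration.

```python
import json

# Allow-list transcribed from the permission list above: (apiGroup, resource) -> verbs.
DOCUMENTED = {
    ("admissionregistration.k8s.io", "validatingwebhookconfigurations"): {"create", "get", "update"},
    ("console.openshift.io", "consoleyamlsamples"): {"create", "get", "update", "delete"},
    ("config.openshift.io", "clusterversions"): {"get", "list", "watch"},
    ("storage.k8s.io", "storageclasses"): {"get", "list"},
}

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
# The role name and its rules are hypothetical, not the Operator's shipped role.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "example-mq-operator-role"}, "rules": [
  {"apiGroups": ["admissionregistration.k8s.io"],
   "resources": ["validatingwebhookconfigurations"],
   "verbs": ["create", "get", "update", "delete"]},
  {"apiGroups": ["console.openshift.io"], "resources": ["consoleyamlsamples"], "verbs": ["*"]},
  {"apiGroups": ["config.openshift.io"], "resources": ["clusterversions"], "verbs": ["get", "list"]},
  {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"], "verbs": ["get", "list"]}
]}
""")

def covers(grant, want):
    """True if a granted (group, resource, verb) matches `want`, honouring "*"."""
    return all(g in ("*", w) for g, w in zip(grant, want))

def audit_cluster_role(role):
    """Return (excess, missing) as sorted lists of (apiGroup, resource, verb).
    excess: grants outside the documented list; wildcards are always reported.
    missing: documented permissions that no rule covers. resourceNames narrowing
    is ignored, so a rule scoped to named objects is treated as a full grant."""
    granted = set()
    for rule in role.get("rules", []):
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                granted.update((group, resource, v) for v in rule.get("verbs", []))
    documented = {(g, r, v) for (g, r), verbs in DOCUMENTED.items() for v in verbs}
    excess = sorted(granted - documented)
    missing = sorted(d for d in documented if not any(covers(g, d) for g in granted))
    return excess, missing

if __name__ == "__main__":
    excess, missing = audit_cluster_role(SAMPLE_ROLE)
    for group, resource, verb in excess:
        print(f"EXCESS  {group}/{resource}: {verb}")
    for group, resource, verb in missing:
        print(f"MISSING {group}/{resource}: {verb}")
```

Wildcard verbs are reported as excess even though they cover the documented verbs, because a `*` grant on a cluster-scoped resource exceeds the baseline listed here.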