Permissions (IBM Cloud Pak for AIOps)
The following content shows the permissions and cluster permissions that are required by the IBM Cloud Pak for AIOps operators.
aimanager-operator:
clusterPermissions:
- rules:
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- create
- delete
- list
- watch
- get
- patch
- update
serviceAccountName: aimanager-operator-controller-manager
permissions:
- rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ''
- policy
- template.openshift.io
resources:
- pods
- pods/exec
- pods/log
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- serviceaccounts
- serviceaccount
- poddisruptionbudgets
- processedtemplates
verbs:
- '*'
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- get
- list
- patch
- update
- delete
- create
- watch
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- security.openshift.io
resourceNames:
- restricted
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- aimanager-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- eventprocessing.automation.ibm.com
resources:
- eventprocessors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibmevents.ibm.com
resources:
- kafkas
verbs:
- get
- list
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ai-manager.watson-aiops.ibm.com
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- helm.operator-sdk
resources:
- IbmMinio
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
- batch
- extensions
- apps
- policy
- rbac.authorization.k8s.io
- autoscaling
- route.openshift.io
- authorization.openshift.io
- networking.k8s.io
- metrics.k8s.io
resources:
- pods
- pods/log
- poddisruptionbudgets
- secrets
- jobs
- configmaps
- deployments
- daemonsets
- statefulsets
- replicasets
- services
- services/finalizers
- persistentvolumeclaims
- cronjobs
- pods/exec
- pods/portforward
- serviceaccounts
- namespaces
- roles
- rolebindings
- horizontalpodautoscalers
- routes
- routes/custom-host
- ingresses
- endpoints
- cronjob
- networkpolicies
- events
- jobs/status
- pods/status
- resourcequotas
- resourcequotas/status
- nodes
verbs:
- apply
- create
- get
- delete
- watch
- update
- edit
- exec
- list
- patch
- deletecollection
- apiGroups:
- cpd.ibm.com
resources:
- cpdinstalls
- cpdinstalls/spec
- cpdinstalls/status
verbs:
- apply
- create
- delete
- edit
- get
- list
- patch
- update
- watch
- apiGroups:
- build.openshift.io
resources:
- buildconfigs
- buildconfigs/instantiate
- buildconfigs/instantiatebinary
- buildconfigs/webhooks
- buildlogs
- builds
- builds/clone
- builds/details
- builds/log
verbs:
- create
- delete
- list
- watch
- get
- patch
- update
- apiGroups:
- image.openshift.io
resources:
- imagestreams
- imagestreams/layers
- imagestreams/secrets
- imagestreams/status
- imagestreamimages
- imagestreamimports
- imagestreammappings
- imagestreamtags
verbs:
- create
- delete
- list
- watch
- get
- patch
- update
- apiGroups:
- apps
resourceNames:
- cpd-meta-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- metaoperator.cpd.ibm.com
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- certmanager.k8s.io
resources:
- issuers
- issuers/status
- issuers/finalizers
- certificates
- certificates/status
- certificates/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operator.ibm.com
resources:
- operandrequests
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- zen.cpd.ibm.com
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flink.ibm.com
resources:
- flinkdeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
serviceAccountName: aimanager-operator-controller-manager
aiopsedge-operator:
clusterPermissions:
- rules:
- apiGroups:
- ''
resourceNames:
- console-config
resources:
- configmaps
verbs:
- get
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- config.openshift.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- aiopskafkatopics
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- aiopskafkatopics/status
verbs:
- get
- patch
- update
- apiGroups:
- connectors.aiops.ibm.com
resources:
- bundlemanifests
- bundlemanifests/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- bundlemanifests/status
verbs:
- get
- patch
- update
- apiGroups:
- operator.openshift.io
resources:
- dnses
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
serviceAccountName: manager
permissions:
- rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- apiGroups:
- ''
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps/finalizers
- secrets/finalizers
- serviceaccounts/finalizers
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apidiscovery.ibm.com
resources:
- apis
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- appconnect.ibm.com
resources:
- configurations
- dashboards
- integrationruntimes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- asm.ibm.com
resources:
- asmformations
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- build.openshift.io
resources:
- buildconfigs
verbs:
- delete
- get
- list
- watch
- apiGroups:
- camel.apache.org
resources:
- camelcatalogs
- integrationkits
- integrationplatforms
- integrations
verbs:
- delete
- get
- list
- watch
- apiGroups:
- camel.apache.org
resources:
- integrations
- kameletbindings
- kamelets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
- issuers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
verbs:
- get
- list
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- aiopsedges
- aiopsedges/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- aiopsedges/status
verbs:
- get
- patch
- update
- apiGroups:
- connectors.aiops.ibm.com
resources:
- connectorcomponents
- connectorcomponents/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- connectorcomponents
- connectorconfigurations
- connectorconfigurations/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- connectorcomponents/status
verbs:
- get
- patch
- update
- apiGroups:
- connectors.aiops.ibm.com
resources:
- connectorconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- connectors.aiops.ibm.com
resources:
- connectorschemas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- gitapps
- gitapps/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- gitapps/status
verbs:
- get
- patch
- update
- apiGroups:
- connectors.aiops.ibm.com
resources:
- microedgeconfigurations
- microedgeconfigurations/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibmevents.ibm.com
resources:
- kafkas
- kafkatopics
- kafkausers
- mirrormakers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- delete
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- network.openshift.io
resources:
- egressnetworkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- networkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- openliberty.io
resources:
- openlibertyapplications
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operator.ibm.com
resources:
- operandconfigs
- operandregistries
- operandrequests
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- operators.coreos.com
resources:
- operatorgroups
- subscriptions
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- vault.aiops.ibm.com
resources:
- vaultaccesses
- vaultdeploys
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
serviceAccountName: manager
asm-operator:
permissions:
- rules:
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- patch
- update
- delete
- create
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- get
- list
- patch
- update
- delete
- create
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- patch
- update
- delete
- create
- watch
- apiGroups:
- ''
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- role
- rolebinding
verbs:
- get
- list
- patch
- update
- delete
- create
- watch
- apiGroups:
- ''
- extensions
resources:
- deployments
- configmaps
- ingresses
- services
- serviceaccounts
- persistentvolumeclaims
verbs:
- '*'
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- asm.ibm.com
resources:
- asms
- asms/finalizers
- Asms
- Asm/status
- Asms
verbs:
- '*'
- apiGroups:
- asm.ibm.com
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps/status
- endpoints
verbs:
- get
- update
- patch
- apiGroups:
- asm.ibm.com
resources:
- appdiscoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- asm.ibm.com
resources:
- appdiscoes/status
verbs:
- get
- patch
- update
- apiGroups:
- base.automation.ibm.com
resources:
- cartridgerequirements
verbs:
- get
- list
- watch
- apiGroups:
- zen.cpd.ibm.com
resources:
- zenservices
verbs:
- get
- list
- watch
- apiGroups:
- core.ir.aiops.ibm.com
resources:
- issueresolutioncores
verbs:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- get
- list
- watch
- create
- patch
- update
- delete
serviceAccountName: asm-operator
ibm-aiops-ir-ai:
permissions:
- rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ai-manager.watson-aiops.ibm.com
resources:
- algorithms
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ai.ir.aiops.ibm.com
resources:
- aiopsanalyticsorchestrators
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ai.ir.aiops.ibm.com
resources:
- aiopsanalyticsorchestrators/finalizers
verbs:
- update
- apiGroups:
- ai.ir.aiops.ibm.com
resources:
- aiopsanalyticsorchestrators/status
verbs:
- get
- patch
- update
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- delete
- get
- list
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- watch
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- secrets
- services
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- update
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- create
- delete
- get
- update
serviceAccountName: ibm-ir-ai-operator-controller-management-sa
ibm-aiops-ir-core:
permissions:
- rules:
- apiGroups:
- ''
- coordination.k8s.io
resources:
- configmaps
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- delete
- get
- list
- update
- apiGroups:
- ''
resources:
- configmaps
- persistentvolumeclaims
- secrets
- services
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ''
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- update
- apiGroups:
- core.ir.aiops.ibm.com
resources:
- issueresolutioncores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- core.ir.aiops.ibm.com
resources:
- issueresolutioncores/finalizers
verbs:
- update
- apiGroups:
- core.ir.aiops.ibm.com
resources:
- issueresolutioncores/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- create
- delete
- get
- update
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- update
serviceAccountName: ir-core-operator-controller-manager
ibm-aiops-ir-lifecycle:
permissions:
- rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
- issuers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps
- persistentvolumeclaims
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- flink.automation.ibm.com
resources:
- flinkclusters
verbs:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flink.ibm.com
resources:
- flinkdeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibmevents.ibm.com
resources:
- kafkausers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- lifecycle.ir.aiops.ibm.com
resources:
- lifecycleservices
- lifecycletriggers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- lifecycle.ir.aiops.ibm.com
resources:
- lifecycleservices/finalizers
- lifecycletriggers/finalizers
verbs:
- update
- apiGroups:
- lifecycle.ir.aiops.ibm.com
resources:
- lifecycleservices/status
- lifecycletriggers/status
verbs:
- get
- patch
- update
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
serviceAccountName: ir-lifecycle-operator-controller-manager
ibm-aiops-orchestrator:
clusterPermissions:
- rules:
- apiGroups:
- operators.coreos.com
resources:
- catalogsources
verbs:
- get
serviceAccountName: ibm-aiops-orchestrator-controller-manager
permissions:
- rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ai-manager.watson-aiops.ibm.com
resources:
- aimanagers
verbs:
- get
- list
- watch
- apiGroups:
- ai.ir.aiops.ibm.com
resources:
- aiopsanalyticsorchestrators
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- asm.ibm.com
resources:
- asms
verbs:
- get
- list
- watch
- apiGroups:
- base.automation.ibm.com
resources:
- automationbases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- base.automation.ibm.com
resources:
- cartridgerequirements
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- base.automation.ibm.com
resources:
- cartridgesrequirements/finalizers
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
- issuers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- aiopsedges
verbs:
- get
- list
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aiopsuis
- baseuis
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
- persistentvolumeclaims
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- core.automation.ibm.com
resources:
- automationuiconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- core.automation.ibm.com
resources:
- cartridges
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- core.automation.ibm.com
resources:
- cartridges/finalizers
verbs:
- update
- apiGroups:
- core.ir.aiops.ibm.com
resources:
- issueresolutioncores
verbs:
- get
- list
- watch
- apiGroups:
- elastic.automation.ibm.com
resources:
- elasticsearches
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- elasticsearch.opencontent.ibm.com
resources:
- elasticsearchclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- eventprocessing.automation.ibm.com
resources:
- eventprocessors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flink.automation.ibm.com
resources:
- flinkclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flink.ibm.com
resources:
- flinkdeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ibmevents.ibm.com
resources:
- kafkas
- kafkausers
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- lifecycle.ir.aiops.ibm.com
resources:
- lifecycleservices
- lifecycletriggers
verbs:
- get
- list
- watch
- apiGroups:
- modeltrain.ibm.com
resources:
- modeltrains
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- networkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operator.ibm.com
resources:
- commonservices
- operandbindinfos
- operandconfigs
- operandregistries
- operandrequests
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- delete
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- operatorgroups
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- orchestrator.aiops.ibm.com
resources:
- customsizes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- orchestrator.aiops.ibm.com
resources:
- customsizes/finalizers
verbs:
- update
- apiGroups:
- orchestrator.aiops.ibm.com
resources:
- customsizes/status
verbs:
- get
- patch
- update
- apiGroups:
- orchestrator.aiops.ibm.com
resources:
- installations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- orchestrator.aiops.ibm.com
resources:
- installations/finalizers
verbs:
- update
- apiGroups:
- orchestrator.aiops.ibm.com
resources:
- installations/status
verbs:
- get
- patch
- update
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- watch
- apiGroups:
- postgres.aiops.ibm.com
resources:
- postgresdbs
- postgreservices
verbs:
- get
- list
- watch
- apiGroups:
- postgresql.k8s.enterprisedb.io
resources:
- clusters
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- redis.ibm.com
resources:
- rediscps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- shim.bedrock.ibm.com
resources:
- kafkaclaims
verbs:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- shim.bedrock.ibm.com
resources:
- kafkaclaims/finalizers
verbs:
- update
- apiGroups:
- sretooling.management.ibm.com
resources:
- tunnels
verbs:
- get
- list
- watch
- apiGroups:
- zen.cpd.ibm.com
resources:
- zenextensions
- zenservices
verbs:
- get
- list
- watch
serviceAccountName: ibm-aiops-orchestrator-controller-manager
ibm-secure-tunnel-operator:
clusterPermissions:
- rules:
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- watch
- update
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- events
- secrets
- serviceaccounts
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- patch
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- networkpolicies
- ingressclasses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operator.openshift.io
resources:
- dnses
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- securetunnel.management.ibm.com
resources:
- applicationmappings
- applicationmappings/finalizers
- applicationmappings/status
- applications/finalizers
- templates
- templates/finalizers
- templates/status
- tunnelconnections
- tunnelconnections/finalizers
- tunnelconnections/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- sretooling.management.ibm.com
resources:
- tunnels
- tunnels/finalizers
- tunnels/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tunnel.management.ibm.com
resources:
- applications
- applications/finalizers
- applications/status
- templates
- templates/finalizers
- templates/status
- tunnelconnections
- tunnelconnections/finalizers
- tunnelconnections/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
- issuers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- zen.cpd.ibm.com
resources:
- zenextensions
- zenservices
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
serviceAccountName: ibm-secure-tunnel-operator
ibm-watson-aiops-ui-operator:
permissions:
- rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- ''
resources:
- configmaps
- pods
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps
- secrets
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps
- serviceaccounts
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- configmaps
- services
- services/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- asm.ibm.com
resources:
- asms
verbs:
- get
- list
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- connectors.aiops.ibm.com
resources:
- connectorschemas
verbs:
- get
- list
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aimodeluis
- aimodeluis/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aimodeluis/status
verbs:
- get
- patch
- update
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aiopsuiextensions
- aiopsuiextensions/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aiopsuiextensions/status
verbs:
- get
- patch
- update
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aiopsuis
- aiopsuis/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- aiopsuis/status
verbs:
- get
- patch
- update
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- baseuis
- baseuis/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- baseuis/status
verbs:
- get
- patch
- update
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- connectoruis
- connectoruis/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- connectoruis/status
verbs:
- get
- patch
- update
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- insightsuis
- insightsuis/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- consoleui.aiops.ibm.com
resources:
- insightsuis/status
verbs:
- get
- patch
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- apiGroups:
- zen.cpd.ibm.com
resources:
- zenextensions
- zenextensions/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- zen.cpd.ibm.com
resources:
- zenservices
verbs:
- get
- list
- watch
serviceAccountName: ibm-watson-aiops-ui-operator-manager-role