-
Notifications
You must be signed in to change notification settings - Fork 65
/
0000_26_cloud-controller-manager-operator_16_credentialsrequest-gcp.yaml
58 lines (57 loc) · 1.99 KB
/
0000_26_cloud-controller-manager-operator_16_credentialsrequest-gcp.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
metadata:
name: openshift-gcp-ccm
namespace: openshift-cloud-credential-operator
annotations:
capability.openshift.io/name: CloudCredential+CloudControllerManager
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
spec:
serviceAccountNames:
- cloud-controller-manager
secretRef:
name: gcp-ccm-cloud-credentials
namespace: openshift-cloud-controller-manager
providerSpec:
apiVersion: cloudcredential.openshift.io/v1
kind: GCPProviderSpec
permissions:
- "compute.addresses.create"
- "compute.addresses.delete"
- "compute.addresses.get"
- "compute.addresses.list"
- "compute.firewalls.create"
- "compute.firewalls.delete"
- "compute.firewalls.get"
- "compute.firewalls.update"
- "compute.forwardingRules.create"
- "compute.forwardingRules.delete"
- "compute.forwardingRules.get"
- "compute.healthChecks.create"
- "compute.healthChecks.delete"
- "compute.healthChecks.get"
- "compute.healthChecks.update"
- "compute.httpHealthChecks.create"
- "compute.httpHealthChecks.delete"
- "compute.httpHealthChecks.get"
- "compute.httpHealthChecks.update"
- "compute.instanceGroups.create"
- "compute.instanceGroups.delete"
- "compute.instanceGroups.get"
- "compute.instanceGroups.update"
- "compute.instances.get"
- "compute.instances.use"
- "compute.regionBackendServices.create"
- "compute.regionBackendServices.delete"
- "compute.regionBackendServices.get"
- "compute.regionBackendServices.update"
- "compute.targetPools.addInstance"
- "compute.targetPools.create"
- "compute.targetPools.delete"
- "compute.targetPools.get"
- "compute.targetPools.removeInstance"
- "compute.zones.list"
# If set to true, don't check whether the requested
# roles have the necessary services enabled
skipServiceCheck: true