RBAC Permissions
Kubernetes role defines the permissions required to access Kubernetes resources. The following permissions in a role are required in the TIBCO Control Plane namespace for deploying self-hosted TIBCO Control Plane.
- apiGroups: [""] resources: ["serviceaccounts"] verbs: ["list", "watch", "create", "update", "delete"] - apiGroups: ["autoscaling"] resources: ["horizontalpodautoscalers"] verbs: ["create", "delete", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "delete"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses", "networkpolicy"] verbs: ["list", "get", "create", "update", "delete"] - apiGroups: ["batch"] resources: ["jobs", "cronjobs"] verbs: ["create", "get", "delete", "update", "list", "watch"] - apiGroups: ["cloud.tibco.com"] resources: ["tibcoresourcesets", "tibcoroutes", "tibcoroutes/status", "tibcointercomrules", "tibcoclusterenvs", "tibcorouteoverrides", "tibcotunnelroutes", "tibcotunnelroutes/status", "tibcoresourcesets", "tibcoresourcesets/status", "tibcoresourcesettemplates", "tibcoresourcesettemplates/status"] verbs: ["*"] resources: ["endpoints"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["services"] verbs: ["*"] - apiGroups: [""] resources: ["pods", "secrets", "configmaps"] verbs: ["*"] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["*"] - apiGroups: [""] resources: ["events"] verbs: ["*"]