RBAC Permissions

Kubernetes role defines the permissions required to access Kubernetes resources. The following permissions in a role are required in the TIBCO Control Plane namespace for deploying self-hosted TIBCO Control Plane.

- apiGroups: [""]
  resources: ["serviceaccounts"]
  verbs:     ["list", "watch", "create", "update", "delete"]  
- apiGroups: ["autoscaling"]
  resources: ["horizontalpodautoscalers"]
  verbs: ["create", "delete", "update"]
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["get", "list", "create", "delete"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses", "networkpolicy"]
  verbs: ["list", "get", "create", "update", "delete"]
- apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["create", "get", "delete", "update", "list", "watch"]
- apiGroups: ["cloud.tibco.com"]
  resources: ["tibcoresourcesets", "tibcoroutes", "tibcoroutes/status", "tibcointercomrules", "tibcoclusterenvs", "tibcorouteoverrides", "tibcotunnelroutes", "tibcotunnelroutes/status", "tibcoresourcesets", "tibcoresourcesets/status", "tibcoresourcesettemplates", "tibcoresourcesettemplates/status"]
  verbs: ["*"]
  resources: ["endpoints"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["*"] 
- apiGroups: [""]
  resources: ["pods", "secrets", "configmaps"]
  verbs: ["*"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["*"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["*"]