@jboyd01
Last active January 30, 2019 17:51
Jan 25 2019 patch for missing rbac rules for Service Catalog - oc create -f svcat-rbac.yaml
# Aggregated into the built-in "admin" ClusterRole through the aggregate-to-admin label:
# read/write access to the Service Catalog resources listed below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:service-catalog:aggregate-to-admin
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
  - "servicecatalog.k8s.io"
  attributeRestrictions: null
  resources:
  - servicebrokers
  - serviceclasses
  - serviceplans
  - serviceinstances
  - servicebindings
  verbs:
  - create
  - update
  - delete
  - get
  - list
  - watch
  - patch
---
# Aggregated into the built-in "edit" ClusterRole through the aggregate-to-edit label:
# same read/write rules as the admin aggregate above.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:service-catalog:aggregate-to-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
  - "servicecatalog.k8s.io"
  attributeRestrictions: null
  resources:
  - servicebrokers
  - serviceclasses
  - serviceplans
  - serviceinstances
  - servicebindings
  verbs:
  - create
  - update
  - delete
  - get
  - list
  - watch
  - patch
---
# Aggregated into the built-in "view" ClusterRole through the aggregate-to-view label:
# read-only verbs (get, list, watch) on the same resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:service-catalog:aggregate-to-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
  - "servicecatalog.k8s.io"
  attributeRestrictions: null
  resources:
  - servicebrokers
  - serviceclasses
  - serviceplans
  - serviceinstances
  - servicebindings
  verbs:
  - get
  - list
  - watch
---
# Read-only access to the cluster-scoped service classes and plans.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: servicecatalog-serviceclass-viewer
rules:
- apiGroups:
  - servicecatalog.k8s.io
  resources:
  - clusterserviceclasses
  - clusterserviceplans
  verbs:
  - list
  - watch
  - get
---
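# Grants the viewer role above to every authenticated user in the cluster
# (the system:authenticated group).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: servicecatalog-serviceclass-viewer-binding
roleRef:
  # apiGroup is a required roleRef field in rbac.authorization.k8s.io/v1
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: servicecatalog-serviceclass-viewer
subjects:
- kind: Group
  name: system:authenticated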
---
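# Lets the service-catalog-apiserver service account delegate authentication and
# authorization checks to the core API server (system:auth-delegator).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:auth-delegator-binding
roleRef:
  # apiGroup is a required roleRef field in rbac.authorization.k8s.io/v1
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: service-catalog-apiserver
  namespace: openshift-operators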