---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: {{ .Values.crawler_namespace }}
  name: crawler-run
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec", "pods/log", "services", "configmaps", "secrets", "events", "persistentvolumeclaims"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection", "exec"]

- apiGroups: ["batch", "extensions", "apps"]
  resources: ["jobs", "cronjobs", "statefulsets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]

- apiGroups: ["btrix.cloud"]
  resources: ["crawljobs", "profilejobs"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]

- apiGroups: ["metrics.k8s.io"]
  resources: ["pods"]
  verbs: ["list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: {{ .Release.Namespace }}
  name: bg-job
rules:
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: crawler-role
  namespace: {{ .Values.crawler_namespace }}
subjects:
- kind: ServiceAccount
  name: default
  namespace: {{ .Release.Namespace }}

- kind: User
  name: system:anonymous
  namespace: {{ .Release.Namespace }}

roleRef:
  kind: Role
  name: crawler-run
  apiGroup: rbac.authorization.k8s.io

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bg-job-role
  namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
  name: default
  namespace: {{ .Release.Namespace }}

- kind: User
  name: system:anonymous
  namespace: {{ .Release.Namespace }}

roleRef:
  kind: Role
  name: bg-job
  apiGroup: rbac.authorization.k8s.io