Enterprise Not open source: This functionality is only available commercially.

Permissions

The Vespa Operator requires the following permissions within the namespace. These permissions are listed by Kubernetes API verbs per resource.

Kubernetes Resource Required Permissions
CustomResourceDefinitions create, get, list, watch
VespaSet get, list, watch, create, update, patch, delete
VespaSet Subresources vespasets/status: update, patch
vespasets/finalizers: update
ConfigMaps get, list, watch, create, update, patch, delete
Services get, list, watch, create, update, patch, delete
Pods get, list, watch, create, update, patch, delete
Pod Execution get, create
Events create, patch
PersistentVolumeClaims get, list, watch, create, update, patch, delete
ServiceAccounts get, list, watch, create, update, patch, delete
Roles get, list, watch, create, update, patch, delete
RoleBindings get, list, watch, create, update, patch, delete