ClusterRoles

Learn about ClusterRoles in the Registry Proxy module. The Registry Proxy module includes several ClusterRoles that are used to manage permissions for the Registry Proxy operator and to aggregate permissions for end users.

Registry Proxy Edit ClusterRole

With the kyma-registry-proxy-edit ClusterRole, you can edit the Registry Proxy resources. For the available options, see the following table:

API Group	Resources	Verbs
`operator.kyma-project.io`	`registryproxies`	`create`, `delete`, `get`, `list`, `patch`, `update`, `watch`
`operator.kyma-project.io`	`registryproxies/status`	`get`

Registry Proxy View ClusterRole

With the kyma-registry-proxy-view ClusterRole, you can view the Registry Proxy resources. For the available options, see the following table:

API Group	Resources	Verbs
`operator.kyma-project.io`	`registryproxies`	`get`, `list`, `watch`
`operator.kyma-project.io`	`registryproxies/status`	`get`

Connection Edit ClusterRole

With the kyma-connection-edit ClusterRole, you can edit the Connection resources.

API Group	Resources	Verbs
`operator.kyma-project.io`	`connections`	`create`, `delete`, `get`, `list`, `patch`, `update`, `watch`
`operator.kyma-project.io`	`connections/status`	`get`

Connection View ClusterRole

With the kyma-connection-view ClusterRole, you can view the Connection resources. For the available options, see the following table:

API Group	Resources	Verbs
`operator.kyma-project.io`	`connections`	`get`, `list`, `watch`
`operator.kyma-project.io`	`connections/status`	`get`

Role Aggregation

The Registry Proxy module uses the Kubernetes role aggregation to automatically extend the default edit and view ClusterRoles with Registry Proxy-specific permissions.

kyma-registry-proxy-edit: Aggregated to edit ClusterRole
kyma-registry-proxy-view: Aggregated to view ClusterRole
kyma-connection-edit: Aggregated to edit ClusterRole
kyma-connection-view: Aggregated to view ClusterRole

This means that if you have the default Kubernetes edit or view ClusterRoles, you automatically receive the corresponding Registry Proxy permissions without requiring additional role bindings.

Istio Service Mesh

Tutorials

Technical Reference

Troubleshooting

Configuring Istio Gateways

Configure an mTLS Gateway

Exposing and Securing Workloads

JWT Validation

External Authorization

noAuth Configuration

Custom Resources

APIRule Migration

Technical Reference

Troubleshooting Guides

Working with Multiple Subaccounts

Resources

Tutorials

Troubleshooting

Technical Reference

Runtime Agent

Tutorials

Resources

Tutorials

Register a Service

VPC Peering

Resources

Tutorials

Tutorials

Resources

Troubleshooting for the Eventing Module

Resources

Troubleshooting

Tutorials

Resources

Technical Reference

Troubleshooting Guides

Telemetry Pipeline API

Collecting Logs

Collecting Traces

Collecting Metrics

Filtering and Processing Data

Transform and Filter with OTTL

Integrate with your OTLP Backend

Architecture

Integration Guides

Resources

Tutorials

Resources

Technical Reference

Troubleshooting Guides

Technical Reference

Tutorials

Commands

ClusterRoles ​

Registry Proxy Edit ClusterRole ​

Registry Proxy View ClusterRole ​

Connection Edit ClusterRole ​

Connection View ClusterRole ​

Role Aggregation ​

ClusterRoles

Registry Proxy Edit ClusterRole

Registry Proxy View ClusterRole

Connection Edit ClusterRole

Connection View ClusterRole

Role Aggregation