3 files changed, 37 insertions, 0 deletions

diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
index 10146e8..a4024ae 100644
--- a/setup/configs/openshift.yml
+++ b/setup/configs/openshift.yml
@@ -20,6 +20,8 @@ ands_openshift_roles:
   kaas/admin: csa, kopmann
   katrin/admin: katrin
   adei/admin: csa
+  adei/view: pdv, kopmann
+  adei/kaas-maintain: pdv, kopmann
   bora/admin: ntj
   web/admin: kopmann
   mon/admin: csa
diff --git a/setup/projects/openshift/templates/maintain.yml.j2 b/setup/projects/openshift/templates/maintain.yml.j2
new file mode 100644
index 0000000..41017a5
--- /dev/null
+++ b/setup/projects/openshift/templates/maintain.yml.j2
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+  annotations:
+    openshift.io/description: A user that can create and edit most objects in a project,
+      but can not update the project's membership.
+    openshift.io/reconcile-protect: "false"
+  creationTimestamp: null
+  name: kaas-maintain
+rules:
+- resources:
+  - pods/exec
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- resources:
+  - replicationcontrollers/scale
+  - deploymentconfigs/scale
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/setup/projects/openshift/vars/script.yml b/setup/projects/openshift/vars/script.yml
new file mode 100644
index 0000000..0d9ccef
--- /dev/null
+++ b/setup/projects/openshift/vars/script.yml
@@ -0,0 +1,2 @@
+oc:
+  - templates: "maintain*"