rancher-charts/charts/rancher-istio/100.1.0+up1.11.4/templates/admin-role.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: istio-admin
  namespace: {{ template "istio.namespace" . }}
rules:
  - apiGroups:
      - config.istio.io
    resources:
      - adapters
      - attributemanifests
      - handlers
      - httpapispecbindings
      - httpapispecs
      - instances
      - quotaspecbindings
      - quotaspecs
      - rules
      - templates
    verbs: ["get", "watch", "list"]
  - apiGroups:
      - networking.istio.io
    resources:
      - destinationrules
      - envoyfilters
      - gateways
      - serviceentries
      - sidecars
      - virtualservices
      - workloadentries
    verbs:
      - '*'
  - apiGroups:
      - security.istio.io
    resources:
      - authorizationpolicies
      - peerauthentications
      - requestauthentications
    verbs:
      - '*'
Add release-v2.5 charts 2021-06-18 20:16:00 +00:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`labels:`
			`rbac.authorization.k8s.io/aggregate-to-admin: "true"`
			`name: istio-admin`
			`namespace: {{ template "istio.namespace" . }}`
			`rules:`
			`- apiGroups:`
			`- config.istio.io`
			`resources:`
			`- adapters`
			`- attributemanifests`
			`- handlers`
			`- httpapispecbindings`
			`- httpapispecs`
			`- instances`
			`- quotaspecbindings`
			`- quotaspecs`
			`- rules`
			`- templates`
			`verbs: ["get", "watch", "list"]`
			`- apiGroups:`
			`- networking.istio.io`
			`resources:`
			`- destinationrules`
			`- envoyfilters`
			`- gateways`
			`- serviceentries`
			`- sidecars`
			`- virtualservices`
			`- workloadentries`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- security.istio.io`
			`resources:`
			`- authorizationpolicies`
			`- peerauthentications`
			`- requestauthentications`
			`verbs:`
			`- '*'`