apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: cluster.x-k8s.io/aggregate-to-manager: "true" cluster.x-k8s.io/provider: cluster-api name: capi-manager-role rules: - apiGroups: - "" resources: - namespaces verbs: - get - list - watch - apiGroups: - addons.cluster.x-k8s.io resources: - '*' verbs: - create - delete - get - list - patch - update - watch - apiGroups: - addons.cluster.x-k8s.io resources: - clusterresourcesets/finalizers - clusterresourcesets/status verbs: - get - patch - update - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - watch - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - bootstrap.cluster.x-k8s.io - controlplane.cluster.x-k8s.io - infrastructure.cluster.x-k8s.io resources: - '*' verbs: - create - delete - get - list - patch - update - watch - apiGroups: - bootstrap.cluster.x-k8s.io - infrastructure.cluster.x-k8s.io resources: - '*' verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusterclasses verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusterclasses - clusterclasses/status verbs: - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusters verbs: - get - list - watch - apiGroups: - cluster.x-k8s.io resources: - clusters - clusters/finalizers - clusters/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - clusters - clusters/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinedeployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinedeployments - machinedeployments/finalizers verbs: - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinedeployments - machinedeployments/finalizers - machinedeployments/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinehealthchecks verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinehealthchecks - machinehealthchecks/finalizers - machinehealthchecks/status verbs: - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinepools verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinepools - machinepools/finalizers - machinepools/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machines - machines/finalizers - machines/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machines - machines/status verbs: - delete - get - list - watch - apiGroups: - cluster.x-k8s.io resources: - machinesets verbs: - get - list - watch - apiGroups: - cluster.x-k8s.io resources: - machinesets - machinesets/finalizers verbs: - get - list - patch - update - watch - apiGroups: - cluster.x-k8s.io resources: - machinesets - machinesets/finalizers - machinesets/status verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - configmaps verbs: - get - list - patch - watch - apiGroups: - "" resources: - events verbs: - create - get - list - patch - watch - apiGroups: - "" resources: - nodes verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - secrets verbs: - create - delete - get - list - patch - watch - apiGroups: - ipam.cluster.x-k8s.io resources: - ipaddressclaims verbs: - get - list - watch - apiGroups: - runtime.cluster.x-k8s.io resources: - extensionconfigs - extensionconfigs/status verbs: - get - list - patch - update - watch