apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: "longhorn-admin"
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups: [ "longhorn.io" ]
    resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
                "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
                "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
    verbs: [ "*" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: "longhorn-edit"
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
  - apiGroups: [ "longhorn.io" ]
    resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
                "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
                "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
    verbs: [ "*" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: "longhorn-view"
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
  - apiGroups: [ "longhorn.io" ]
    resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
                "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
                "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
    verbs: [ "get", "list", "watch" ]