apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: rancher-cis-benchmark
    app.kubernetes.io/instance: release-name
  name: cis-operator-role
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: rancher-cis-benchmark
    app.kubernetes.io/instance: release-name
  name: cis-operator-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cis-operator-role
subjects:
- kind: ServiceAccount
  name: cis-serviceaccount
  namespace: {{ template "cis.namespace" . }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cis-operator-installer
subjects:
- kind: ServiceAccount
  name: cis-operator-serviceaccount
  namespace: {{ template "cis.namespace" . }}
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io