---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
  labels:
    {{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
    app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
rules:
  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
      - update
      - delete
      - patch
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
      - services
      - services/finalizers
      - secrets
      - events
      - pods
      - endpoints
      - configmaps
    verbs:
      - create
      - update
      - delete
      - patch
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
      - mutatingwebhookconfigurations
    verbs:
      - create
      - update
      - delete
      - patch
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - create
      - update
      - delete
      - patch
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterroles
      - clusterrolebindings
      - roles
      - rolebindings
    verbs:
      - create
      - update
      - delete
      - patch
      - bind
      - escalate
  - apiGroups:
      - triliovault.trilio.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - update
  - apiGroups:
      - batch
    resources:
      - cronjobs
    verbs:
      - create
      - delete
      - update
      - patch
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - create
      - delete
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - create
      - patch
      - update
      - delete
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - delete