apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: turbo-cluster-admin
rules:
  - apiGroups:
      - ""
      - batch
    resources:
      - pods
      - jobs
    verbs:
      - '*'
  - apiGroups:
      - ""
      - apps
      - apps.openshift.io
      - extensions
      - devops.turbonomic.io
      - charts.helm.k8s.io
      - redis.redis.opstreelabs.in
    resources:
      - deployments
      - replicasets
      - replicationcontrollers
      - statefulsets
      - daemonsets
      - deploymentconfigs
      - resourcequotas
      - operatorresourcemappings
      - operatorresourcemappings/status
      - kubeturbos
      - xls
      - redis
    verbs:
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
      - apps
      - batch
      - extensions
      - policy
      - app.k8s.io
      - argoproj.io
      - apiextensions.k8s.io
      - config.openshift.io
    resources:
      - nodes
      - services
      - endpoints
      - namespaces
      - limitranges
      - persistentvolumes
      - persistentvolumeclaims
      - poddisruptionbudget
      - cronjobs
      - applications
      - customresourcedefinitions
      - clusterversions
      - controllerrevisions
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - machine.openshift.io
    resources:
      - machines
      - machinesets
    verbs:
      - get
      - list
      - update
  - apiGroups:
      - ""
    resources:
      - nodes/spec
      - nodes/stats
      - nodes/metrics
      - nodes/proxy
      - pods/log
    verbs:
      - get
  - apiGroups:
      - policy.turbonomic.io
    resources:
      - slohorizontalscales
      - containerverticalscales
      - policybindings
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - security.openshift.io
    resources:
      - securitycontextconstraints
    verbs:
      - list
      - use
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - get
      - create
      - delete
      - impersonate
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
      - clusterroles
      - clusterrolebindings
    verbs:
      - get
      - create
      - delete
      - update
  - apiGroups:
      - kubevirt.io
    resources:
      - virtualmachineinstances
      - virtualmachineinstancemigrations
      - virtualmachines
      - virtualmachineinstancepresets
      - virtualmachineinstancereplicasets
    verbs:
      - get
      - delete
      - create
      - update
      - patch
      - list
      - watch
  - apiGroups:
      - cdi.kubevirt.io
    resources:
      - datasources
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - instancetype.kubevirt.io
    resources:
      - virtualmachineclusterpreferences
    verbs:
      - get
      - list
      - watch
  - apiGroups: [""]
    resources: ["pods/resize"]
    verbs: ["patch"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["patch", "update"]
  - apiGroups: ["policy"]
    resources: ["pods/eviction"]
    verbs: ["create"]
  - nonResourceURLs:
      - /metrics
    verbs:
      - get