kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cmk-third-party-resource-controller
rules:
- apiGroups: ["cmk.intel.com"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["extensions"]
  resources: ["thirdpartyresources", "thirdpartyresources.extensions"]
  verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cmk-custom-resource-definition-controller
rules:
- apiGroups: ["intel.com"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions", "customresourcedefinitions.extensions"]
  verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cmk-daemonset-controller
rules:
- apiGroups: ["extensions", "apps"]
  resources: ["daemonsets", "daemonsets.extensions", "daemonsets.apps"]
  verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cmk-version-controller
rules:
  - nonResourceURLs: ["*"]
    verbs:
      - get
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cmk-webhook-installer
rules:
- apiGroups: ["", "apps", "extensions", "admissionregistration.k8s.io"]
  resources: ["secrets", "configmaps", "deployments", "services", "mutatingwebhookconfigurations"]
  verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cmk-node-lister
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-daemonset
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmk-daemonset-controller
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-tpr
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmk-third-party-resource-controller
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-crd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmk-custom-resource-definition-controller
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-version
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmk-version-controller
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-webhook-installer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmk-webhook-installer
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: cmk-role-binding-node-lister
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmk-node-lister
subjects:
- kind: ServiceAccount
  name: cmk-serviceaccount
  namespace: cmk-namespace