# Central Cluster, cluster-scoped resources
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-central-namespace-multi-cluster-mongodb-role
rules:
- apiGroups:
  - mongodb.com
  resources:
  - clustermongodbroles
  verbs:
  - '*'

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-multi-cluster-role
rules:
- apiGroups:
  - mongodb.com
  resources:
  - mongodbmulticluster
  - mongodbmulticluster/finalizers
  - mongodbmulticluster/status
  - mongodbusers
  - mongodbusers/status
  - opsmanagers
  - opsmanagers/finalizers
  - opsmanagers/status
  - mongodb
  - mongodb/finalizers
  - mongodb/status
  - mongodbsearch
  - mongodbsearch/finalizers
  - mongodbsearch/status
  verbs:
  - '*'
- apiGroups:
  - mongodbcommunity.mongodb.com
  resources:
  - mongodbcommunity
  - mongodbcommunity/status
  - mongodbcommunity/spec
  - mongodbcommunity/finalizers
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  - services
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - watch
  - deletecollection
- apiGroups:
  - apps
  resources:
  - statefulsets
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - watch
  - deletecollection
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - create
  - update
  - watch
  - patch
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
  - watch
  - delete
  - deletecollection
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - list
  - watch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-multi-cluster-role-telemetry
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
- apiGroups:
  - ""
  resourceNames:
  - kube-system
  resources:
  - namespaces
  verbs:
  - get
- nonResourceURLs:
  - /version
  verbs:
  - get

---
# Central Cluster, cluster-scoped resources
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-central-namespace-multi-cluster-mongodb-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mongodb-kubernetes-operator-central-namespace-multi-cluster-mongodb-role
subjects:
- kind: ServiceAccount
  name: mongodb-kubernetes-operator-multicluster
  namespace: central-namespace

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-multi-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mongodb-kubernetes-operator-multi-cluster-role
subjects:
- kind: ServiceAccount
  name: mongodb-kubernetes-operator-multicluster
  namespace: central-namespace

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-multi-telemetry-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mongodb-kubernetes-operator-multi-cluster-role-telemetry
subjects:
- kind: ServiceAccount
  name: mongodb-kubernetes-operator-multicluster
  namespace: central-namespace

---
# Central Cluster, cluster-scoped resources
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: null
  labels:
    multi-cluster: "true"
  name: mongodb-kubernetes-operator-multicluster
  namespace: central-namespace

---