--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/component: admission-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno app.kubernetes.io/version: 3.4.1 name: kyverno:admission-controller:core rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - create - delete - get - list - patch - update - watch - deletecollection - apiGroups: - rbac.authorization.k8s.io resources: - roles - clusterroles - rolebindings - clusterrolebindings verbs: - get - list - watch - apiGroups: - kyverno.io resources: - policies - policies/status - clusterpolicies - clusterpolicies/status - updaterequests - updaterequests/status - globalcontextentries - globalcontextentries/status - policyexceptions verbs: - create - delete - get - list - patch - update - watch - deletecollection - apiGroups: - policies.kyverno.io resources: - validatingpolicies - validatingpolicies/status - policyexceptions - imagevalidatingpolicies - imagevalidatingpolicies/status verbs: - create - delete - get - list - patch - update - watch - deletecollection - apiGroups: - reports.kyverno.io resources: - ephemeralreports - clusterephemeralreports verbs: - create - delete - get - list - patch - update - watch - deletecollection - apiGroups: - wgpolicyk8s.io resources: - policyreports - policyreports/status - clusterpolicyreports - clusterpolicyreports/status verbs: - create - delete - get - list - patch - update - watch - deletecollection - apiGroups: - "" - events.k8s.io resources: - events verbs: - create - update - patch - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - "" resources: - configmaps - namespaces verbs: - get - list - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - update - patch - get - list - watch