--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: airm-platform-admin rules: - apiGroups: - "" resources: - pods - events - services - configmaps - persistentvolumes - persistentvolumeclaims - namespaces - serviceaccounts verbs: - get - list - watch - delete - apiGroups: - "" resources: - pods/log - pods/exec - pods/attach - pods/portforward verbs: - '*' - apiGroups: - apps resources: - deployments - replicasets - statefulsets - daemonsets verbs: - get - list - watch - delete - apiGroups: - batch resources: - jobs - cronjobs verbs: - get - list - watch - delete - apiGroups: - networking.k8s.io resources: - ingresses - networkpolicies - httproutes verbs: - get - list - watch - delete - apiGroups: - kaiwo.silogen.ai resources: - kaiwojobs - kaiwoservices verbs: - get - list - watch - delete - apiGroups: - config.kaiwo.silogen.ai resources: - kaiwoconfigs verbs: - '*' - apiGroups: - kaiwo.silogen.ai resources: - kaiwojobs - kaiwoservices - kaiwoqueueconfigs verbs: - '*' - apiGroups: - "" resources: - secrets verbs: - get - list - watch - create - delete - apiGroups: - "" resources: - nodes verbs: - get - list - watch - apiGroups: - rbac.authorization.k8s.io resources: - roles - clusterroles - rolebindings - clusterrolebindings verbs: - get - list - watch - apiGroups: - external-secrets.io resources: - externalsecrets verbs: - get - list - watch - create - delete - apiGroups: - external-secrets.io resources: - clustersecretstores verbs: - get - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - kueue.x-k8s.io resources: - clusterqueues - resourceflavors - localqueues verbs: - get - list - watch