---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: airm-project-member
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
      - pods/exec
      - pods/attach
      - pods/portforward
      - events
      - services
      - configmaps
      - persistentvolumes
      - persistentvolumeclaims
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - deployments
      - replicasets
      - statefulsets
      - daemonsets
    verbs:
      - '*'
  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - '*'
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
      - networkpolicies
      - httproutes
    verbs:
      - '*'
  - apiGroups:
      - kaiwo.silogen.ai
    resources:
      - kaiwojobs
      - kaiwoservices
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - list
      - watch
      - create
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - clusterroles
      - rolebindings
      - clusterrolebindings
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - external-secrets.io
    resources:
      - clustersecretstores
      - externalsecrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch