apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: {{ .Values.operator.name }}
rules:
- apiGroups: ["extensions"]
  resources: ["deployments", "replicasets", "daemonsets"]
  verbs: ["create", "get", "update", "delete", "list"]
- apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions"]
  verbs: ["create", "get", "update", "delete", "list"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses"]
  verbs: ["get", "list", "create", "delete", "deletecollection"]
- apiGroups: [""]
  resources: ["persistentvolumes", "persistentvolumeclaims", "services", "secrets", "configmaps"]
  verbs: ["create", "get", "update", "delete", "list"]
- apiGroups: ["batch"]
  resources: ["cronjobs", "jobs"]
  verbs: ["create", "get", "deletecollection", "delete"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list", "get", "watch", "update"]
- apiGroups: ["apps"]
  resources: ["statefulsets", "deployments"]
  verbs: ["*"]
- apiGroups: ["operator.m3db.io"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["create", "patch"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]