cluster-role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: enterprise-console-sa-role
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
      - configmaps
    verbs:
      - get
      - watch
      - create
      - list
      - patch
      - update
      - delete
      - deletecollection
  - apiGroups:
      - ""
    resources:
      - namespaces
      - services
      - events
      - resourcequotas
      - nodes
    verbs:
      - get
      - watch
      - create
      - list
      - patch
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - watch
      - create
      - list
      - patch
      - delete
      - deletecollection
  - apiGroups:
      - ""
    resources:
      - persistentvolumeclaims
    verbs:
      - deletecollection
      - list
      - get
      - watch
      - update
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - watch
      - create
      - list
      - patch
  - apiGroups:
      - apps
    resources:
      - statefulsets
      - deployments
    verbs:
      - get
      - create
      - list
      - patch
      - watch
      - update
      - delete
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - get
      - create
      - list
      - patch
      - watch
      - update
      - delete
  - apiGroups:
      - certificates.k8s.io
    resources:
      - certificatesigningrequests
      - certificatesigningrequests/approval
      - certificatesigningrequests/status
    verbs:
      - update
      - create
      - get
      - delete
      - list
  - apiGroups:
      - minio.min.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - min.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - enterprise.min.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - directpv.min.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - persistentvolumes
    verbs:
      - get
      - list
      - watch
      - create
      - delete
  - apiGroups:
      - ""
    resources:
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - list
      - watch
      - update
      - patch
  - apiGroups:
      - snapshot.storage.k8s.io
    resources:
      - volumesnapshots
    verbs:
      - get
      - list
  - apiGroups:
      - snapshot.storage.k8s.io
    resources:
      - volumesnapshotcontents
    verbs:
      - get
      - list
  - apiGroups:
      - storage.k8s.io
    resources:
      - csinodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - volumeattachments
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  - apiGroups:
      - ""
    resources:
      - pod
      - pods/log
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
    resourceNames:
      - kube-system
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - "*"
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterrolebindings
      - clusterroles
    verbs:
      - "*"
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - "*"