---
# Admin cluster role.
# Because this is a ClusterRole referenced by the ClusterRoleBinding in the
# second document, every rule below applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: weave-admin
rules:
  # Flux resources.
  # NOTE(review): RBAC verbs apply to the whole object, so "patch" is not
  # limited to suspend/resume or reconcile annotations. The holder can also
  # change spec fields, which the Flux controllers then act on with their own
  # privileges. Treat "patch" here as write access to whatever Flux deploys.
  - apiGroups: ["kustomize.toolkit.fluxcd.io"]
    resources:
      - kustomizations
    verbs: ["get", "list", "patch"]
  - apiGroups: ["helm.toolkit.fluxcd.io"]
    resources:
      - helmreleases
    verbs: ["get", "list", "patch"]
  - apiGroups: ["source.toolkit.fluxcd.io"]
    resources:
      - buckets
      - helmcharts
      - gitrepositories
      - helmrepositories
      - ocirepositories
    verbs: ["get", "list", "patch"]
  # Notification objects are read-only (no "patch").
  - apiGroups: ["notification.toolkit.fluxcd.io"]
    resources:
      - providers
      - alerts
    verbs: ["get", "list"]
  - apiGroups: ["infra.contrib.fluxcd.io"]
    resources:
      - terraforms
    verbs: ["get", "list", "patch"]

  # Resources managed via Flux (read-only; "" is the core API group).
  # NOTE(review): "get"/"list" on secrets returns the Secret data, so this
  # rule grants read access to every Secret in the cluster. Presumably the
  # dashboard needs it to read Helm release storage; confirm, and if
  # cluster-wide access is not required, grant secrets through namespaced
  # Role/RoleBinding objects instead.
  - apiGroups: [""]
    resources:
      - configmaps
      - secrets
      - pods
      - services
      - namespaces
      - persistentvolumes
      - persistentvolumeclaims
    verbs: ["get", "list"]
  - apiGroups: ["apps"]
    resources:
      - deployments
      - replicasets
      - statefulsets
    verbs: ["get", "list"]
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs: ["get", "list"]
  - apiGroups: ["autoscaling"]
    resources:
      - horizontalpodautoscalers
    verbs: ["get", "list"]
  # Read-only view of RBAC objects; no create/update/bind/escalate verbs.
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources:
      - roles
      - clusterroles
      - rolebindings
      - clusterrolebindings
    verbs: ["get", "list"]
  - apiGroups: ["networking.k8s.io"]
    resources:
      - ingresses
    verbs: ["get", "list"]

  # Feedback: events are the only resource that is also granted "watch".
  - apiGroups: [""]
    resources:
      - events
    verbs: ["get", "watch", "list"]
---
# Bind the cluster admin role to admins.
# Kubernetes has no User object: the subject name is compared as a plain
# string with the username the cluster's authenticator reports, so it must
# match that value exactly.
# NOTE(review): binding a Group instead of an individual User keeps
# membership changes in the identity provider rather than in this manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: weave-admin
subjects:
  - kind: User
    name: "victor@xirion.net"
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: weave-admin
  apiGroup: rbac.authorization.k8s.io