apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: manager-role
rules:
##
## Base operator rules
##
# We need to get namespaces so the operator can read namespaces to ensure they exist
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
# We need to manage Helm release secrets
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - "*"
# We need to create events on CRs about things happening during reconciliation
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create

##
## Rules for ontime.getontime.no/v1alpha1, Kind: Stage
##
- apiGroups:
  - ontime.getontime.no
  resources:
  - stages
  - stages/status
  - stages/finalizers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- verbs:
  - "*"
  apiGroups:
  - ""
  resources:
  - "serviceaccounts"
  - "services"
- verbs:
  - "*"
  apiGroups:
  - "apps"
  resources:
  - "deployments"
- verbs:
  - "*"
  apiGroups:
  - "networking.k8s.io"
  resources:
  - "ingresses"

# +kubebuilder:scaffold:rules