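---
# Namespaced permissions for the cluster-manager service account in the
# "tensorsec" namespace. A Role only grants access inside its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app: cluster-manager
    app.kubernetes.io/name: cluster-manager
    helm.sh/chart: cluster-manager-0.1.0
    # Quoted so the label value stays a string under every YAML parser.
    version: '0.1.0'
  name: cluster-manager
  namespace: tensorsec
rules:
  # No catch-all rule (apiGroups, resources and verbs all '*') is granted:
  # it would make every explicit rule below redundant and give the service
  # account full control of the namespace, including Roles, RoleBindings and
  # all Secrets. Any further permission the controller turns out to need
  # should be added as its own explicit rule.

  # Honeypot custom resources (defense.security.cn).
  - apiGroups:
      - defense.security.cn
    resources:
      - honeypots
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - defense.security.cn
    resources:
      - honeypots/finalizers
    verbs:
      - update
  - apiGroups:
      - defense.security.cn
    resources:
      - honeypots/status
    verbs:
      - get
      - patch
      - update

  # Micro-segmentation policy custom resources (microseg.security.cn).
  - apiGroups:
      - microseg.security.cn
    resources:
      - microsegnetworkpolicies
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - microseg.security.cn
    resources:
      - microsegnetworkpolicies/status
    verbs:
      - get

  # Core workload and topology objects.
  # NOTE(review): nodes are cluster-scoped, so a namespaced Role cannot grant
  # access to them; "namespaces" can at most cover the tensorsec namespace
  # object itself. If the controller needs either cluster-wide, that belongs
  # in a narrowly scoped ClusterRole rather than here.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - namespaces
      - endpoints
      - services
    verbs:
      - list
      - get
      - patch
      - update

  # Batch workloads: read access plus bulk deletion.
  - apiGroups:
      - batch
    resources:
      - cronjobs
      - jobs
    verbs:
      - get
      - list
      - deletecollection

  # Read-only view of workload controllers.
  - apiGroups:
      - extensions
      - apps
    resources:
      - daemonsets
      - deployments
      - networkpolicies
      - replicasets
      - statefulsets
    verbs:
      - get
      - list

  # Calico network policies.
  # NOTE(review): globalnetworkpolicies looks cluster-scoped, in which case
  # this Role has no effect on it - confirm against the Calico CRDs.
  - apiGroups:
      - crd.projectcalico.org
    resources:
      - globalnetworkpolicies
      - networkpolicies
    verbs:
      - get
      - list
      - create
      - update
      - delete

  # Native Kubernetes network policies.
  - apiGroups:
      - networking.k8s.io
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - create
      - update
      - delete

  # Full management of Secrets and Services in the namespace.
  # get/list/watch on secrets exposes every Secret in tensorsec, including
  # service-account tokens. Where the set of Secrets the controller manages is
  # known, narrow the read and write verbs with resourceNames.
  - apiGroups:
      - ""
    resources:
      - secrets
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch

  # Full management of Deployments (a superset of the read-only rule above).
  - apiGroups:
      - extensions
      - apps
    resources:
      - deployments
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch

  # WAF service custom resources (waf.security.io).
  - apiGroups:
      - waf.security.io
    resources:
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - waf.security.io
    resources:
      - services/finalizers
    verbs:
      - update
  - apiGroups:
      - waf.security.io
    resources:
      - services/status
    verbs:
      - get
      - patch
      - update
---
# Binds the cluster-manager Role to the cluster-manager ServiceAccount in the
# same namespace. Anything that runs as, or holds a token for, this service
# account receives exactly the Role's rules.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app: cluster-manager
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: cluster-manager
    helm.sh/chart: cluster-manager-0.1.0
    version: '0.1.0'
  name: cluster-manager
  namespace: tensorsec
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cluster-manager
subjects:
  - kind: ServiceAccount
    name: cluster-manager
    namespace: tensorsec
---
# Long-lived service-account token Secret for cluster-manager; the annotation
# names the service account the token is issued for. A token of this type
# does not expire on its own, so anyone able to read this Secret holds the
# Role's permissions until the Secret is deleted. Prefer short-lived tokens
# from the TokenRequest API (projected service-account volume) unless a
# static credential is genuinely required, and restrict who can read Secrets
# in this namespace.
apiVersion: v1
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: cluster-manager
  name: cluster-manager
  namespace: tensorsec
type: kubernetes.io/service-account-token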