sip/config/rbac/sipcluster_scheduler_role.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: scheduler-role
  namespace: metal3
rules:
- apiGroups:
  - metal3.io
  resources:
  - baremetalhosts
  verbs:
  - get
  - list
  - patch
  - watch
  - update
- apiGroups:
  - ""
  - apps
  resources:
  - secrets
  - deployments
  verbs:
  - get
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-scheduler-role
rules:
- apiGroups:
  - metal3.io
  resources:
  - baremetalhosts
  verbs:
  - get
  - list
  - patch
  - watch
  - update
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
  - update
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sipcluster-infra-service
rules:
- apiGroups:
  - ""
  - apps
  resources:
  - configmaps
  - deployments
  - services
  verbs:
  - create
  - delete
  - update
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-certmanager-role
rules:
- apiGroups:
  - cert-manager.io
  resources:
  - clusterissuers
  verbs:
  - get
  - list
  - watch
  - create
  - update