---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "upgrade-controller.fullname" . }}
  labels:
    {{- include "upgrade-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - watch
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - jobs/status
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - helm.cattle.io
  resources:
  - helmcharts
  verbs:
  - create
  - get
  - list
  - update
  - watch
- apiGroups:
  - helm.cattle.io
  resources:
  - helmcharts/status
  verbs:
  - get
- apiGroups:
  - lifecycle.suse.com
  resources:
  - releasemanifests
  verbs:
  - create
  - get
  - list
  - watch
- apiGroups:
  - lifecycle.suse.com
  resources:
  - upgradeplans
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - lifecycle.suse.com
  resources:
  - upgradeplans/finalizers
  verbs:
  - update
- apiGroups:
  - lifecycle.suse.com
  resources:
  - upgradeplans/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - upgrade.cattle.io
  resources:
  - plans
  verbs:
  - create
  - delete
  - get
  - list
  - watch