---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metal3-baremetal-operator

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: metal3-baremetal-operator
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - "*"
- apiGroups:
  - ""
  resources:
  - events
  - secrets
  verbs:
  - "*"
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - get
  - create
- apiGroups:
  - metal3.io
  resources:
  - baremetalhosts
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - metal3.io
  resources:
  - baremetalhosts/status
  verbs:
  - get
  - patch
  - update

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: metal3-baremetal-operator
subjects:
- kind: ServiceAccount
  name: metal3-baremetal-operator
- kind: User
  name: developer
roleRef:
  kind: ClusterRole
  name: metal3-baremetal-operator
  apiGroup: rbac.authorization.k8s.io