apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: demo-apimgmt-gitops
rules:
- apiGroups: [""]
  resources: ["secrets","services","pvc"]
  verbs: ["*"]
- apiGroups: ["apps"]
  resources: ["statefulsets","deployments"]
  verbs: ["*"]
- apiGroups: ["project.openshift.io"]
  resources: ["projects"]
  verbs: ["*"]
- apiGroups: ["project.openshift.io"]
  resources: ["projects"]
  verbs: ["*"]
- apiGroups: ["image.openshift.io"]
  resources: ["imagestreams"]
  verbs: ["*"]
- apiGroups: ["route.openshift.io"]
  resources: ["routes","routes/custom-host"]
  verbs: ["*"]
- apiGroups: ["apps.openshift.io"]
  resources: ["deploymentconfigs"]
  verbs: ["*"]
- apiGroups: ["build.openshift.io"]
  resources: ["buildconfigs"]
  verbs: ["*"]
- apiGroups: ["keycloak.org"]
  resources: ["keycloaks"]
  verbs: ["*"]
- apiGroups: ["microcks.github.io"]
  resources: ["microcksinstalls"]
  verbs: ["*"]
- apiGroups: ["apps.3scale.net"]
  resources: ["apimanagers"]
  verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: demo-apimgmt-gitops
subjects:
  - kind: ServiceAccount
    name: openshift-gitops-argocd-application-controller
    namespace: openshift-gitops
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: demo-apimgmt-gitops