apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-agent
rules:
- resources:
  - configmaps
  apiGroups:
  - ""
  resourceNames:
  - edge-info
  verbs:
  - get
- resources: ["kustomizations"]
  apiGroups: ["kustomize.toolkit.fluxcd.io"]
  verbs:
  - get
  - patch
- resources: ["helmreleases"]
  apiGroups: ["helm.toolkit.fluxcd.io"]
  verbs:
  - get
  - patch
- resources: ["virtualmachines/stop", "virtualmachines/start", "virtualmachines/restart"]
  apiGroups: ["subresources.kubevirt.io"]
  verbs:
  - patch
  - update
- resources: ["virtualmachineinstancemigrations"]
  apiGroups: ["kubevirt.io"]
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-agent
roleRef:
  name: edge-agent
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: edge-agent
  namespace: edge-agent
  kind: ServiceAccount