apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: garage-manage-crds
rules:
- apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions"]
  verbs: ["get", "list", "watch", "create", "patch"]
- apiGroups: ["deuxfleurs.fr"]
  resources: ["garagenodes"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: garage-allow-crds
subjects:
- kind: ServiceAccount
  name: garage
roleRef:
  kind: ClusterRole
  name: garage-manage-crds
  apiGroup: rbac.authorization.k8s.io