---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: postgres-operator
rules:
- apiGroups:
  - ''
  resources:
  - configmaps
  - persistentvolumeclaims
  - secrets
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups:
  - ''
  resources:
  - endpoints
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - watch
- apiGroups:
  - ''
  resources:
  - endpoints/restricted
  - pods/exec
  verbs:
  - create
- apiGroups:
  - ''
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - ''
  resources:
  - pods
  verbs:
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups:
  - ''
  resources:
  - serviceaccounts
  verbs:
  - create
  - get
  - list
  - patch
  - watch
- apiGroups:
  - apps
  resources:
  - deployments
  - statefulsets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups:
  - postgres-operator.crunchydata.com
  resources:
  - pgadmins
  - pgupgrades
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - postgres-operator.crunchydata.com
  resources:
  - pgadmins/finalizers
  - pgupgrades/finalizers
  - postgresclusters/finalizers
  verbs:
  - update
- apiGroups:
  - postgres-operator.crunchydata.com
  resources:
  - pgadmins/status
  - pgupgrades/status
  - postgresclusters/status
  verbs:
  - patch
- apiGroups:
  - postgres-operator.crunchydata.com
  resources:
  - postgresclusters
  verbs:
  - get
  - list
  - patch
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - create
  - get
  - list
  - patch
  - watch