apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developer
  labels:
    app: kyverno-config
rules:
- apiGroups: [""]
  resources:
  - pods
  - pods/log
  - pods/exec
  - services
  - configmaps
  - persistentvolumeclaims
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
  resources:
  - deployments
  - statefulsets
  - daemonsets
  - replicasets
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["batch"]
  resources:
  - jobs
  - cronjobs
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["networking.k8s.io"]
  resources:
  - ingresses
  verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
  resources:
  - secrets
  verbs: ["get", "list", "watch"]   # только чтение секретов