1  # This rule is not used by the project sandbox-k8s itself.
 2  # It is provided to allow the cluster admin to help manage permissions for users.
 3  #
 4  # Grants permissions to create, update, and delete resources within the sandbox.opensandbox.io.
 5  # This role is intended for users who need to manage these resources
 6  # but should not control RBAC or manage permissions for others.
 7  
 8  apiVersion: rbac.authorization.k8s.io/v1
 9  kind: ClusterRole
10  metadata:
11    labels:
12      app.kubernetes.io/name: opensandbox
13      app.kubernetes.io/managed-by: kustomize
14    name: batchsandbox-editor-role
15  rules:
16  - apiGroups:
17    - sandbox.opensandbox.io
18    resources:
19    - batchsandboxes
20    verbs:
21    - create
22    - delete
23    - get
24    - list
25    - patch
26    - update
27    - watch
28  - apiGroups:
29    - sandbox.opensandbox.io
30    resources:
31    - batchsandboxes/status
32    verbs:
33    - get