apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: agent-role rules: - apiGroups: [""] resources: ["pods", "nodes", "namespaces", "endpoints"] verbs: ["list", "watch", "get"] - apiGroups: ["discovery.k8s.io"] resources: ["endpointslices"] verbs: ["list", "watch", "get"] - apiGroups: [""] resources: ["services"] verbs: ["list", "watch"] - apiGroups: ["apps"] resources: ["replicasets", "daemonsets", "deployments", "statefulsets"] verbs: ["list", "watch", "get"] - apiGroups: ["batch"] resources: ["jobs"] verbs: ["list", "watch"] - apiGroups: [""] resources: ["nodes/proxy"] verbs: ["get"] - apiGroups: [""] resources: ["nodes/stats", "configmaps", "events"] verbs: ["create", "get"] - apiGroups: [""] resources: ["configmaps"] resourceNames: ["cwagent-clusterleader"] verbs: ["get","update"] - nonResourceURLs: ["/metrics"] verbs: ["get", "list", "watch"]