---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: vault-unseal-role
  namespace: vault
rules:
  - apiGroups: [""]
    resources: 
      - "pods"
      - "pods/log"
    verbs: 
      - "get"
      - "list"
      - "watch"
      - "delete"
  - apiGroups: [""]
    resources: 
      - "pods/exec"
    verbs: 
      - "create"
  - apiGroups: [""]
    resources:
        - "secrets"
    verbs:
        - "*"