apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: diagnostic-collector-crd-reader
rules:
  - apiGroups:
    - cluster.x-k8s.io
    - infrastructure.cluster.x-k8s.io
    - controlplane.cluster.x-k8s.io
    - anywhere.eks.amazonaws.com
    - packages.eks.amazonaws.com
    - tinkerbell.org
    resources:
    - '*'
    verbs:
    - get
    - list
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - list
  - nonResourceURLs:
      - /
    verbs:
      - get
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: diagnostic-collector-crd-reader
subjects:
  - kind: ServiceAccount
    name: default
    namespace: eksa-diagnostics
roleRef:
  kind: ClusterRole
  name: diagnostic-collector-crd-reader
  apiGroup: rbac.authorization.k8s.io