apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    meta.helm.sh/release-name: rook-ceph
    meta.helm.sh/release-namespace: rook-ceph
  creationTimestamp: "2026-03-12T19:29:50Z"
  labels:
    app.kubernetes.io/created-by: helm
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: rook-ceph-operator
    helm.sh/chart: rook-ceph-v1.15.9
    operator: rook
    storage-backend: ceph
  name: rook-ceph-global
  resourceVersion: "7542"
  uid: 26d2f376-fb1e-4f9e-a785-f10677b6f6b5
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/proxy
  - secrets
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  - persistentvolumes
  - persistentvolumeclaims
  - endpoints
  - services
  verbs:
  - get
  - list
  - watch
  - patch
  - create
  - update
  - delete
- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - jobs
  - cronjobs
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
  - deletecollection
- apiGroups:
  - ceph.rook.io
  resources:
  - cephclients
  - cephclusters
  - cephblockpools
  - cephfilesystems
  - cephnfses
  - cephobjectstores
  - cephobjectstoreusers
  - cephobjectrealms
  - cephobjectzonegroups
  - cephobjectzones
  - cephbuckettopics
  - cephbucketnotifications
  - cephrbdmirrors
  - cephfilesystemmirrors
  - cephfilesystemsubvolumegroups
  - cephblockpoolradosnamespaces
  - cephcosidrivers
  verbs:
  - get
  - list
  - watch
  - update
- apiGroups:
  - ceph.rook.io
  resources:
  - cephclients/status
  - cephclusters/status
  - cephblockpools/status
  - cephfilesystems/status
  - cephnfses/status
  - cephobjectstores/status
  - cephobjectstoreusers/status
  - cephobjectrealms/status
  - cephobjectzonegroups/status
  - cephobjectzones/status
  - cephbuckettopics/status
  - cephbucketnotifications/status
  - cephrbdmirrors/status
  - cephfilesystemmirrors/status
  - cephfilesystemsubvolumegroups/status
  - cephblockpoolradosnamespaces/status
  verbs:
  - update
- apiGroups:
  - ceph.rook.io
  resources:
  - cephclients/finalizers
  - cephclusters/finalizers
  - cephblockpools/finalizers
  - cephfilesystems/finalizers
  - cephnfses/finalizers
  - cephobjectstores/finalizers
  - cephobjectstoreusers/finalizers
  - cephobjectrealms/finalizers
  - cephobjectzonegroups/finalizers
  - cephobjectzones/finalizers
  - cephbuckettopics/finalizers
  - cephbucketnotifications/finalizers
  - cephrbdmirrors/finalizers
  - cephfilesystemmirrors/finalizers
  - cephfilesystemsubvolumegroups/finalizers
  - cephblockpoolradosnamespaces/finalizers
  verbs:
  - update
- apiGroups:
  - policy
  - apps
  - extensions
  resources:
  - poddisruptionbudgets
  - deployments
  - replicasets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
  - deletecollection
- apiGroups:
  - apps
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups:
  - healthchecking.openshift.io
  resources:
  - machinedisruptionbudgets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
- apiGroups:
  - machine.openshift.io
  resources:
  - machines
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
- apiGroups:
  - storage.k8s.io
  resources:
  - csidrivers
  verbs:
  - create
  - delete
  - get
  - update
- apiGroups:
  - k8s.cni.cncf.io
  resources:
  - network-attachment-definitions
  verbs:
  - get