kubs/charts/gpu-operator/templates/clusterrole.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gpu-operator
  labels:
    {{- include "gpu-operator.labels" . | nindent 4 }}
    app.kubernetes.io/component: "gpu-operator"
rules:
- apiGroups:
  - config.openshift.io
  resources:
  - clusterversions
  - proxies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - image.openshift.io
  resources:
  - imagestreams
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - security.openshift.io
  resources:
  - securitycontextconstraints
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
  - use
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  - clusterrolebindings
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - create
  - watch
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  - pods
  - pods/eviction
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - apps
  resources:
  - daemonsets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - nvidia.com
  resources:
  - clusterpolicies
  - clusterpolicies/finalizers
  - clusterpolicies/status
  - nvidiadrivers
  - nvidiadrivers/finalizers
  - nvidiadrivers/status
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
  - deletecollection
- apiGroups:
  - scheduling.k8s.io
  resources:
  - priorityclasses
  verbs:
  - get
  - list
  - watch
  - create
- apiGroups:
  - node.k8s.io
  resources:
  - runtimeclasses
  verbs:
  - get
  - list
  - create
  - update
  - watch
  - delete
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
  - update
  - patch
  - create
{{- if .Values.operator.cleanupCRD }}
  - delete
{{- end }}