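---
# borrowed from https://cloud.weave.works/k8s/scope.yaml?k8s-version=1.9.3
# with small modifications to reduce permissions
#
# Cluster-wide, mostly read-only RBAC for the weave-scope service account.
# The role grants nothing until a ClusterRoleBinding attaches it to a subject;
# that binding is not part of this file, so review it alongside this role.
# Anything that can act as the bound service account inherits every rule
# below, so restrict access to the Scope UI and API accordingly.
# No rule here grants access to secrets or configmaps, and none grants
# pods/exec or pods/attach.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    name: weave-scope
  name: weave-scope
  # "namespace" omitted: ClusterRoles are cluster-scoped, so the field has no
  # effect and wrongly suggests the role is confined to the weave namespace.
rules:
  # Read-only view of core workload, node and storage objects.
  # pods/log exposes the logs of every pod in every namespace; logs often
  # carry tokens or personal data, so treat this rule as sensitive.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
      - replicationcontrollers
      - services
      - nodes
      - persistentvolumes
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
  # Write access: delete any pod in any namespace (no resourceNames limit).
  # Drop this rule if pod deletion through Scope is not required.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - delete
  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - cronjobs
      - jobs
    verbs:
      - get
      - list
      - watch
  # NOTE(review): the "extensions" group matches the 1.9-era manifest this
  # was taken from. Kubernetes 1.16 stopped serving these workload kinds under
  # "extensions", so on newer clusters the extensions rules match nothing.
  - apiGroups:
      - extensions
    resources:
      - daemonsets
      - deployments
      - deployments/scale
      - replicasets
    verbs:
      - get
      - list
      - watch
  # Write access: change the replica count of any deployment in the
  # extensions group, including scaling it to zero.
  - apiGroups:
      - extensions
    resources:
      - deployments/scale
    verbs:
      - update
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - list
      - watch
  # Limited by resourceNames to the single policy named weave-scope.
  # NOTE(review): that PodSecurityPolicy is not shown here; check what it
  # allows (privileged, hostPID, hostNetwork) before granting "use".
  - apiGroups:
      - extensions
    resourceNames:
      - weave-scope
    resources:
      - podsecuritypolicies
    verbs:
      - use
  # Custom resources; presumably inert unless the matching CRDs are installed.
  - apiGroups:
      - volumesnapshot.external-storage.k8s.io
    resources:
      - volumesnapshots
      - volumesnapshotdatas
    verbs:
      - list
      - watch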