kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: istio-reader rules: - apiGroups: [''] resources: ['nodes', 'pods', 'services', 'endpoints', "replicationcontrollers"] verbs: ['get', 'watch', 'list'] - apiGroups: ["extensions", "apps"] resources: ["replicasets"] verbs: ["get", "list", "watch"]
