---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: "2026-06-08T12:02:51Z"
  labels:
    rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
  managedFields:
  - apiVersion: rbac.authorization.k8s.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:rbac.authorization.k8s.io/aggregate-to-cluster-reader: {}
        f:ownerReferences:
          k:{"uid":"94e5ec6a-48fa-4138-a9b2-5d4061d36f2d"}: {}
      f:rules: {}
    manager: cluster-network-operator/operconfig
    operation: Apply
    time: "2026-06-08T12:02:51Z"
  name: openshift-ovn-kubernetes-cluster-reader
  ownerReferences:
  - apiVersion: operator.openshift.io/v1
    blockOwnerDeletion: true
    controller: true
    kind: Network
    name: cluster
    uid: 94e5ec6a-48fa-4138-a9b2-5d4061d36f2d
  resourceVersion: "2528"
  uid: 380a2fb2-3b40-4714-8493-1f89c6900e38
rules:
- apiGroups:
  - k8s.ovn.org
  resources:
  - egressfirewalls
  - egressips
  - egressqoses
  - egressservices
  - adminpolicybasedexternalroutes
  - userdefinednetworks
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - policy.networking.k8s.io
  resources:
  - adminnetworkpolicies
  - baselineadminnetworkpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - network.operator.openshift.io
  resources:
  - egressrouters
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - k8s.cni.cncf.io
  resources:
  - network-attachment-definitions
  verbs:
  - get
  - list
  - watch