Include admin ClusterRole and add it to the scaffold

Author: damsien

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_admin_role.yaml

@@ -0,0 +1,28 @@
+# This rule is not used by the project project itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Provides full permissions (create, update, delete) over all custom resource objects
+# for the specified API resources across the cluster. In addition to resource management,
+# it grants users the ability to modify roles and bindings within the cluster,
+# allowing them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: project
+    app.kubernetes.io/managed-by: kustomize
+  name: cronjob-admin-role
+rules:
+- apiGroups:
+  - batch.tutorial.kubebuilder.io
+  resources:
+  - cronjobs
+  verbs:
+  - '*'
+- apiGroups:
+  - batch.tutorial.kubebuilder.io
+  resources:
+  - cronjobs/status
+  verbs:
+  - get

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_editor_role.yaml

@@ -1,4 +1,11 @@
-# permissions for end users to edit cronjobs.
+# This rule is not used by the project project itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Allows users to modify all custom resources for project on the cluster.
+# This role enables users to create, update, and delete resources,
+# making it suitable for team members who need to manage resources
+# but should not control RBAC or manage permissions for others.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_viewer_role.yaml

@@ -1,4 +1,10 @@
-# permissions for end users to view cronjobs.
+# This rule is not used by the project project itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to CronJob resources.
+# This role is intended for users who need visibility into the resources
+# without any permissions to modify them. It’s ideal for monitoring purposes and limited-access viewing.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml

@@ -18,10 +18,11 @@ resources:
 - metrics_auth_role.yaml
 - metrics_auth_role_binding.yaml
 - metrics_reader_role.yaml
-# For each CRD, "Editor" and "Viewer" roles are scaffolded by
+# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
+- cronjob_admin_role.yaml
 - cronjob_editor_role.yaml
 - cronjob_viewer_role.yaml
 

docs/book/src/cronjob-tutorial/testdata/project/dist/install.yaml

@@ -3865,6 +3865,27 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: project
+  name: project-cronjob-admin-role
+rules:
+- apiGroups:
+  - batch.tutorial.kubebuilder.io
+  resources:
+  - cronjobs
+  verbs:
+  - '*'
+- apiGroups:
+  - batch.tutorial.kubebuilder.io
+  resources:
+  - cronjobs/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
   labels:
     app.kubernetes.io/managed-by: kustomize

docs/book/src/getting-started/testdata/project/config/rbac/kustomization.yaml

@@ -18,10 +18,11 @@ resources:
 - metrics_auth_role.yaml
 - metrics_auth_role_binding.yaml
 - metrics_reader_role.yaml
-# For each CRD, "Editor" and "Viewer" roles are scaffolded by
+# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
+- memcached_admin_role.yaml
 - memcached_editor_role.yaml
 - memcached_viewer_role.yaml
 

docs/book/src/getting-started/testdata/project/config/rbac/memcached_admin_role.yaml

@@ -0,0 +1,28 @@
+# This rule is not used by the project project itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Provides full permissions (create, update, delete) over all custom resource objects
+# for the specified API resources across the cluster. In addition to resource management,
+# it grants users the ability to modify roles and bindings within the cluster,
+# allowing them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: project
+    app.kubernetes.io/managed-by: kustomize
+  name: memcached-admin-role
+rules:
+- apiGroups:
+  - cache.example.com
+  resources:
+  - memcacheds
+  verbs:
+  - '*'
+- apiGroups:
+  - cache.example.com
+  resources:
+  - memcacheds/status
+  verbs:
+  - get

docs/book/src/getting-started/testdata/project/config/rbac/memcached_editor_role.yaml

@@ -1,4 +1,11 @@
-# permissions for end users to edit memcacheds.
+# This rule is not used by the project project itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Allows users to modify all custom resources for project on the cluster.
+# This role enables users to create, update, and delete resources,
+# making it suitable for team members who need to manage resources
+# but should not control RBAC or manage permissions for others.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/getting-started/testdata/project/config/rbac/memcached_viewer_role.yaml

@@ -1,4 +1,10 @@
-# permissions for end users to view memcacheds.
+# This rule is not used by the project project itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to Memcached resources.
+# This role is intended for users who need visibility into the resources
+# without any permissions to modify them. It’s ideal for monitoring purposes and limited-access viewing.
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

docs/book/src/getting-started/testdata/project/dist/install.yaml

@@ -234,6 +234,27 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: project
+  name: project-memcached-admin-role
+rules:
+- apiGroups:
+  - cache.example.com
+  resources:
+  - memcacheds
+  verbs:
+  - '*'
+- apiGroups:
+  - cache.example.com
+  resources:
+  - memcacheds/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
   labels:
     app.kubernetes.io/managed-by: kustomize