From 53b324d5d6dbd246ebf31c8f7c212c2fd40c2e0b Mon Sep 17 00:00:00 2001
From: F1ko <fiko.best@gmail.com>
Date: Fri, 5 Jun 2020 15:52:39 +0200
Subject: [PATCH] add aggregated view clusterroles for default k8s roles (view,
 edit and admin)

---
 definitions/install.yaml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/definitions/install.yaml b/definitions/install.yaml
index 7ac88d0732..734f541e4b 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -495,13 +495,27 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
-  name: kyverno:policyviolations
+  name: kyverno:view-policyviolations
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
 rules:
 - apiGroups: ["kyverno.io"]
   resources:
   - policyviolations
   verbs: ["get", "list", "watch"]
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: kyverno:view-clusterpolicyviolations
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: ["kyverno.io"]
+  resources:
+  - clusterpolicyviolations
+  verbs: ["get", "list", "watch"]
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata: