kyverno/config/k8s-resource/aggregateroles.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: kyverno
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: kyverno:admin-policies
rules:
- apiGroups:
  - kyverno.io
  resources:
  - policies
  - clusterpolicies
  verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: kyverno
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: kyverno:admin-policyreport
rules:
  - apiGroups:
      - wgpolicyk8s.io/v1alpha2
    resources:
      - policyreports
      - clusterpolicyreports
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: kyverno
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: kyverno:admin-reportchangerequest
rules:
- apiGroups:
  - kyverno.io
  resources:
  - reportchangerequests
  - clusterreportchangerequests
  verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch