Manual cherry pick PR#73 to release-0.1 branch (#78)

* add aggregation labels to clustrroles

Signed-off-by: Jaideep Rao <jrao@redhat.com>
(cherry picked from commit e3696a2)

* Update config/rbac/mcpserver_admin_role.yaml

Co-authored-by: Mike Brown <brownwm@us.ibm.com>
(cherry picked from commit 1d35aec)

* Update config/rbac/mcpserver_editor_role.yaml

Co-authored-by: Mike Brown <brownwm@us.ibm.com>
(cherry picked from commit 38b611f)

* Update config/rbac/mcpserver_viewer_role.yaml

Co-authored-by: Mike Brown <brownwm@us.ibm.com>
(cherry picked from commit 16d76b8)

---------

Signed-off-by: Jaideep Rao <jrao@redhat.com>
Co-authored-by: Jaideep Rao <jrao@redhat.com>
Co-authored-by: Jaideep Rao <jaideep.r97@gmail.com>
Co-authored-by: Mike Brown <brownwm@us.ibm.com>

Author: 3 people

config/rbac/mcpserver_admin_role.yaml

@@ -14,6 +14,8 @@ metadata:
   labels:
     app.kubernetes.io/name: mcp-lifecycle-operator
     app.kubernetes.io/managed-by: kustomize
+    # Add these permissions to the "admin" default role.
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: mcpserver-admin-role
 rules:
 - apiGroups:

config/rbac/mcpserver_editor_role.yaml

@@ -14,6 +14,8 @@ metadata:
   labels:
     app.kubernetes.io/name: mcp-lifecycle-operator
     app.kubernetes.io/managed-by: kustomize
+    # Add these permissions to the "edit" default role.
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: mcpserver-editor-role
 rules:
 - apiGroups:

config/rbac/mcpserver_viewer_role.yaml

@@ -14,6 +14,8 @@ metadata:
   labels:
     app.kubernetes.io/name: mcp-lifecycle-operator
     app.kubernetes.io/managed-by: kustomize
+    # Add these permissions to the "view" default role.
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
   name: mcpserver-viewer-role
 rules:
 - apiGroups: