{
  apiVersion = "rbac.authorization.k8s.io/v1";
  kind = "ClusterRole";
  metadata = {
    labels = {
      app = "istiod";
      release = "istio-istiod";
    };
    name = "istiod-clusterrole-1-20-2-istio-system";
  };
  rules = [
    {
      apiGroups = ["admissionregistration.k8s.io"];
      resources = ["mutatingwebhookconfigurations"];
      verbs = ["get" "list" "watch" "update" "patch"];
    }
    {
      apiGroups = ["admissionregistration.k8s.io"];
      resources = ["validatingwebhookconfigurations"];
      verbs = ["get" "list" "watch" "update"];
    }
    {
      apiGroups = ["config.istio.io" "security.istio.io" "networking.istio.io" "authentication.istio.io" "rbac.istio.io" "telemetry.istio.io" "extensions.istio.io"];
      resources = ["*"];
      verbs = ["get" "watch" "list"];
    }
    {
      apiGroups = ["networking.istio.io"];
      resources = ["workloadentries"];
      verbs = ["get" "watch" "list" "update" "patch" "create" "delete"];
    }
    {
      apiGroups = ["networking.istio.io"];
      resources = ["workloadentries/status"];
      verbs = ["get" "watch" "list" "update" "patch" "create" "delete"];
    }
    {
      apiGroups = ["apiextensions.k8s.io"];
      resources = ["customresourcedefinitions"];
      verbs = ["get" "list" "watch"];
    }
    {
      apiGroups = [""];
      resources = ["pods" "nodes" "services" "namespaces" "endpoints"];
      verbs = ["get" "list" "watch"];
    }
    {
      apiGroups = ["discovery.k8s.io"];
      resources = ["endpointslices"];
      verbs = ["get" "list" "watch"];
    }
    {
      apiGroups = ["networking.k8s.io"];
      resources = ["ingresses" "ingressclasses"];
      verbs = ["get" "list" "watch"];
    }
    {
      apiGroups = ["networking.k8s.io"];
      resources = ["ingresses/status"];
      verbs = ["*"];
    }
    {
      apiGroups = [""];
      resources = ["configmaps"];
      verbs = ["create" "get" "list" "watch" "update"];
    }
    {
      apiGroups = ["authentication.k8s.io"];
      resources = ["tokenreviews"];
      verbs = ["create"];
    }
    {
      apiGroups = ["authorization.k8s.io"];
      resources = ["subjectaccessreviews"];
      verbs = ["create"];
    }
    {
      apiGroups = ["networking.x-k8s.io" "gateway.networking.k8s.io"];
      resources = ["*"];
      verbs = ["get" "watch" "list"];
    }
    {
      apiGroups = ["networking.x-k8s.io" "gateway.networking.k8s.io"];
      resources = ["*"];
      verbs = ["update" "patch"];
    }
    {
      apiGroups = ["gateway.networking.k8s.io"];
      resources = ["gatewayclasses"];
      verbs = ["create" "update" "patch" "delete"];
    }
    {
      apiGroups = [""];
      resources = ["secrets"];
      verbs = ["get" "watch" "list"];
    }
    {
      apiGroups = ["multicluster.x-k8s.io"];
      resources = ["serviceexports"];
      verbs = ["get" "watch" "list" "create" "delete"];
    }
    {
      apiGroups = ["multicluster.x-k8s.io"];
      resources = ["serviceimports"];
      verbs = ["get" "watch" "list"];
    }
  ];
}