return clusterole isSystem label

api/http/models/kubernetes/cluster_roles.go

@@ -5,4 +5,6 @@ import "time"
 type K8sClusterRole struct {
 	Name         string    `json:"name"`
 	CreationDate time.Time `json:"creationDate"`
+	Uid          string    `json:"uid"`
+	IsSystem     bool      `json:"isSystem"`
 }

api/kubernetes/cli/cluster_role.go

@@ -3,6 +3,7 @@ package cli
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	models "github.com/portainer/portainer/api/http/models/kubernetes"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -39,5 +40,33 @@ func parseClusterRole(clusterRole rbacv1.ClusterRole) models.K8sClusterRole {
 	return models.K8sClusterRole{
 		Name:         clusterRole.Name,
 		CreationDate: clusterRole.CreationTimestamp.Time,
+		Uid:          string(clusterRole.UID),
+		IsSystem:     isSystemClusterRole(&clusterRole),
 	}
 }
+
+func isSystemClusterRole(role *rbacv1.ClusterRole) bool {
+	if role.Namespace == "kube-system" || role.Namespace == "kube-public" ||
+		role.Namespace == "kube-node-lease" || role.Namespace == "portainer" {
+		return true
+	}
+
+	if strings.HasPrefix(role.Name, "system:") {
+		return true
+	}
+
+	if role.Labels != nil {
+		if role.Labels["kubernetes.io/bootstrapping"] == "rbac-defaults" {
+			return true
+		}
+	}
+
+	roles := getPortainerDefaultK8sRoleNames()
+	for i := range roles {
+		if role.Name == roles[i] {
+			return true
+		}
+	}
+
+	return false
+}

api/kubernetes/cli/role.go

@@ -108,3 +108,9 @@ func (kcl *KubeClient) upsertPortainerK8sClusterRoles() error {
 
 	return nil
 }
+
+func getPortainerDefaultK8sRoleNames() []string {
+	return []string{
+		string(portainerUserCRName),
+	}
+}