Unable to edit default ClusterRole admin

Article ID: 419530

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

You try to edit the default ClusterRole admin:

kubectl edit ClusterRole admin

In this example, we are trying to add the following rule:

rules:
- apiGroups:
  - secrets.hashicorp.com
  resources:
  - vaultauths
  verbs:
  - get
  - list

We confirmed that the resource exists:

$ kubectl api-resources | grep vaultauths
vaultauths                                                secrets.hashicorp.com/v1beta1           true         VaultAuth

After you save the edit, kubectl reports that the ClusterRole was edited successfully:

$ kubectl edit ClusterRole admin
clusterrole.rbac.authorization.k8s.io/admin edited

But when you check with the describe command, the changes are not there:

$ kubectl describe ClusterRole admin | grep vaultauths

 

Cause

This is by design: you cannot edit the default ClusterRole admin. The admin ClusterRole in Kubernetes is a default, system-managed resource, and direct modifications to such roles can be prevented or overwritten by the system's reconciliation processes. This behavior is intentional and maintains the integrity and functionality of core RBAC components.

Resolution

Instead of editing the default ClusterRole admin, create a new ClusterRole that contains the necessary rules or changes, and use that newly created ClusterRole.
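
The manifest below is an added example, not part of the original article: it places the vaultauths rule from this article in a separate ClusterRole and binds it in a single namespace. The names vaultauth-viewer, vaultauth-viewer-binding, team-a and team-a-admins are placeholders chosen for illustration.

```yaml
# Added example. Names marked "placeholder" are assumptions, not from the article.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: vaultauth-viewer              # placeholder
  # Optional alternative: Kubernetes builds the default admin role by
  # aggregating ClusterRoles that carry the label below. Uncommenting it
  # grants these rules to every subject already bound to admin, so prefer
  # the explicit binding unless that wider scope is intended.
  # labels:
  #   rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
  - secrets.hashicorp.com
  resources:
  - vaultauths
  verbs:
  - get
  - list
---
# A RoleBinding (not a ClusterRoleBinding) limits the grant to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: vaultauth-viewer-binding      # placeholder
  namespace: team-a                   # placeholder
subjects:
- kind: Group
  name: team-a-admins                 # placeholder
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: vaultauth-viewer
  apiGroup: rbac.authorization.k8s.io
```

After applying the file with kubectl apply -f, the grant can be confirmed with kubectl auth can-i list vaultauths.secrets.hashicorp.com -n team-a, run with --as and --as-group set to a subject covered by the binding.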


Additional Information

Role Based Access Control Good Practices

Auto Reconciliation