hardillb · May 10, 2026 20:24
diff --git a/example.yaml b/example.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
  name: manager
  labels:
    name: manager
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: target
  labels:
    name: target
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: controller-service-account
  namespace: manager
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: controller-pod
  namespace: manager
 spec:
  serviceAccountName: controller-service-account
  containers:
  - name: controller
    image: example/controller:latest
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: full-access-role
  namespace: target
 rules:
 - apiGroups: [""]
  resources: ["pods", "pods/log", "pods/exec", "pods/status"]
  verbs: ["create", "patch", "get", "list", "watch", "delete"] 
 - apiGroups: ["apps"]
  resources: ["deployments", "deployment/status"]
  verbs: ["create", "patch", "get", "list", "update", "watch", "delete"]
 - apiGroups: [""]
  resources: ["persistentvolumes", "persistentvolumeclaims"]
  verbs: ["create", "patch", "get", "list", "watch", "delete"] 
 - apiGroups: [""]
  resources: ["services"]
  verbs: ["create", "patch", "get", "list", "watch", "delete"]
 - apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create", "patch", "get", "list", "watch", "delete"]
 - apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "list"]
 - apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["create", "patch", "get", "list", "watch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name:  full-access-binding
  namespace: target
 subjects:
 - kind: ServiceAccount
  name: controller-service-account
  namespace: manager
 roleRef:
  kind: Role
  name:  full-access-role
  apiGroup: rbac.authorization.k8s.io
	apiVersion: v1
	kind: Namespace
	metadata:
	name: manager
	labels:
	name: manager
	---
	apiVersion: v1
	kind: Namespace
	metadata:
	name: target
	labels:
	name: target
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: controller-service-account
	namespace: manager
	---
	apiVersion: v1
	kind: Pod
	metadata:
	name: controller-pod
	namespace: manager
	spec:
	serviceAccountName: controller-service-account
	containers:
	- name: controller
	image: example/controller:latest
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: full-access-role
	namespace: target
	rules:
	- apiGroups: [""]
	resources: ["pods", "pods/log", "pods/exec", "pods/status"]
	verbs: ["create", "patch", "get", "list", "watch", "delete"]
	- apiGroups: ["apps"]
	resources: ["deployments", "deployment/status"]
	verbs: ["create", "patch", "get", "list", "update", "watch", "delete"]
	- apiGroups: [""]
	resources: ["persistentvolumes", "persistentvolumeclaims"]
	verbs: ["create", "patch", "get", "list", "watch", "delete"]
	- apiGroups: [""]
	resources: ["services"]
	verbs: ["create", "patch", "get", "list", "watch", "delete"]
	- apiGroups: [""]
	resources: ["secrets"]
	verbs: ["create", "patch", "get", "list", "watch", "delete"]
	- apiGroups: [""]
	resources: ["endpoints"]
	verbs: ["get", "list"]
	- apiGroups: ["networking.k8s.io"]
	resources: ["ingresses"]
	verbs: ["create", "patch", "get", "list", "watch", "delete"]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: full-access-binding
	namespace: target
	subjects:
	- kind: ServiceAccount
	name: controller-service-account
	namespace: manager
	roleRef:
	kind: Role
	name: full-access-role
	apiGroup: rbac.authorization.k8s.io
No results found