---
# Role "kanidm-repl" in namespace "kanidm". The RoleBinding in the second
# document grants these rules to the "kanidm" ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kanidm-repl
  namespace: kanidm
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
rules:
  # Read pods in the core ("") API group. There is no resourceNames filter,
  # so this covers every pod in the namespace, not only kanidm pods.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
  # "create" on pods/exec allows opening an exec session, i.e. running
  # commands inside any container of any pod in this namespace.
  # NOTE(review): this is the broadest grant in the Role. If the target pod
  # names are stable, resourceNames can pin it to those pods; also confirm
  # no unrelated workloads share the namespace. With API audit logging
  # enabled, exec sessions appear as "create" on "pods/exec" and can be
  # alerted on when the caller is not this ServiceAccount.
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
  # Read and patch a single ConfigMap; resourceNames limits the rule to
  # "kanidm-repl-certs". No create verb is granted, so the ConfigMap has to
  # exist before it can be patched.
  # NOTE(review): the name suggests replication certificates. ConfigMaps
  # are not meant for confidential data, so confirm that only public
  # certificate material is stored here. Patch access lets the holder
  # change what consumers of this ConfigMap read.
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - kanidm-repl-certs
    verbs:
      - get
      - patch
---
# Binds the Role above to the "kanidm" ServiceAccount in the same namespace.
# NOTE(review): if "kanidm" is also the ServiceAccount the server pods run
# as (not visible here), every such pod's mounted token carries the exec
# grant; a dedicated ServiceAccount for the replication task would narrow it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kanidm-repl
  namespace: kanidm
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
subjects:
  - kind: ServiceAccount
    name: kanidm
    namespace: kanidm
roleRef:
  kind: Role
  name: kanidm-repl
  apiGroup: rbac.authorization.k8s.io