#! Copyright 2020 the Pinniped contributors. All Rights Reserved. #! SPDX-License-Identifier: Apache-2.0 #@ load("@ytt:data", "data") #! Give permission to various objects within the app's own namespace --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: local-user-authenticator-aggregated-api-server-role namespace: local-user-authenticator rules: - apiGroups: [""] resources: [secrets] verbs: [create, get, list, patch, update, watch] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: local-user-authenticator-aggregated-api-server-role-binding namespace: local-user-authenticator subjects: - kind: ServiceAccount name: local-user-authenticator-service-account namespace: local-user-authenticator roleRef: kind: Role name: local-user-authenticator-aggregated-api-server-role apiGroup: rbac.authorization.k8s.io