--- # Source: kubernetes-external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubernetes-external-secrets labels: app.kubernetes.io/name: kubernetes-external-secrets rules: - apiGroups: [""] resources: ["secrets"] verbs: ["create", "update", "get"] - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "watch", "list"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] resourceNames: ["externalsecrets.kubernetes-client.io"] verbs: ["get", "update"] - apiGroups: ["kubernetes-client.io"] resources: ["externalsecrets"] verbs: ["get", "watch", "list"] - apiGroups: ["kubernetes-client.io"] resources: ["externalsecrets/status"] verbs: ["get", "update"] --- # Source: kubernetes-external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-external-secrets labels: app.kubernetes.io/name: kubernetes-external-secrets roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-external-secrets subjects: - name: kubernetes-external-secrets-sa namespace: "default" kind: ServiceAccount --- # Source: kubernetes-external-secrets/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-external-secrets-auth labels: app.kubernetes.io/name: kubernetes-external-secrets roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - name: kubernetes-external-secrets-sa namespace: "default" kind: ServiceAccount