kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pod-reader rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] verbs: ["get", "watch", "list"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: read-pods subjects: # Uses the default service account. # Consider creating a dedicated service account to run your # Pekko Cluster services and binding the role to that one. - kind: ServiceAccount name: default roleRef: kind: Role name: pod-reader apiGroup: rbac.authorization.k8s.io