--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: manager-role rules: - apiGroups: - "" resources: - serviceaccounts verbs: - get - list - watch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations verbs: - get - list - update - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: manager-role namespace: azure-workload-identity-system rules: - apiGroups: - "" resources: - secrets verbs: - create - delete - get - list - patch - update - watch