antoinemartin/pod-reader.yaml

## pod-reader.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default
rules:
- apiGroups: [ "" ]
  resources: [ "pods", "services"]
  verbs: [ "get", "list", "watch"]
- apiGroups: [ "extensions" ]
  resources: [ "deployments" ]
  verbs: [ "get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-pod-reader
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: pod-reader
	namespace: default
	rules:
	- apiGroups: [ "" ]
	resources: [ "pods", "services"]
	verbs: [ "get", "list", "watch"]
	- apiGroups: [ "extensions" ]
	resources: [ "deployments" ]
	verbs: [ "get", "list", "watch"]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: default-pod-reader
	namespace: default
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: pod-reader
	subjects:
	- kind: ServiceAccount
	name: default
	namespace: default