@blessedwithsins
Forked from alexeldeib/nginx.yaml
Created April 3, 2021 06:59
rbac with raw token demo
---
apiVersion: v1
kind: Namespace
metadata:
  name: nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-service-account
  namespace: nginx
rules:
  # RBAC matches on the API group name only ("apps"); "apps/v1" would match no resources.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-serviceaccount-rolebinding
  namespace: nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-service-account
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: default
    namespace: nginx
---
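#!/usr/bin/env bash
set -euo pipefail
# FQDN must hold the API server hostname; fail early with a message if it is unset.
: "${FQDN:?set FQDN to the API server hostname}"
# Kubernetes 1.24+ no longer auto-creates this token Secret; use `kubectl -n nginx create token default` there.
SECRET="$(kubectl -n nginx get serviceaccount default -o jsonpath="{.secrets[0].name}")"
TOKEN="$(kubectl -n nginx get secret "$SECRET" -o jsonpath="{.data.token}" | base64 -d)"
# -k skips TLS verification of the API server; prefer --cacert with the cluster CA. Use plain `curl` outside Windows/WSL.
curl.exe -k -H "Authorization: Bearer $TOKEN" "https://${FQDN}:443/apis/apps/v1/namespaces/nginx/deployments"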