groundnuty/serviceaccount_fix.yaml

## serviceaccount_fix.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: default-readonly-role
rules:
  - verbs: ["get"]
    nonResourceURLs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: kubelet-role
rules:
  - apiGroups: ["*"]
    resources:
      - configmaps
      - persistentvolumes
      - persistentvolumeclaims
      - secrets
      - services
      - healthz
    verbs: ["get", "watch", "list"]
  - apiGroups: ["*"]
    resources:
      - events
      - nodes
      - nodes/status
      - pods
      - pods/status
    verbs: ["*"]
  - verbs: ["*"]
    nonResourceURLs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kube-system-admin
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: default-readonly-role-binding
subjects:
  - kind: User
    name: "*"
roleRef:
  kind: ClusterRole
  name: default-readonly-role
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubelet-role-binding
subjects:
  - kind: User
    name: kubelet
roleRef:
  kind: ClusterRole
  name: kubelet-role
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kube-system-service-account-role-binding
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: kube-system-admin
  apiGroup: rbac.authorization.k8s.io
	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: default-readonly-role
	rules:
	- verbs: ["get"]
	nonResourceURLs: ["*"]
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRole
	metadata:
	name: kubelet-role
	rules:
	- apiGroups: ["*"]
	resources:
	- configmaps
	- persistentvolumes
	- persistentvolumeclaims
	- secrets
	- services
	- healthz
	verbs: ["get", "watch", "list"]
	- apiGroups: ["*"]
	resources:
	- events
	- nodes
	- nodes/status
	- pods
	- pods/status
	verbs: ["*"]
	- verbs: ["*"]
	nonResourceURLs: ["*"]
	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: kube-system-admin
	rules:
	- apiGroups: ["*"]
	resources: ["*"]
	verbs: ["*"]
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: default-readonly-role-binding
	subjects:
	- kind: User
	name: "*"
	roleRef:
	kind: ClusterRole
	name: default-readonly-role
	apiGroup: rbac.authorization.k8s.io
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: kubelet-role-binding
	subjects:
	- kind: User
	name: kubelet
	roleRef:
	kind: ClusterRole
	name: kubelet-role
	apiGroup: rbac.authorization.k8s.io
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: kube-system-service-account-role-binding
	subjects:
	- kind: ServiceAccount
	name: default
	namespace: kube-system
	roleRef:
	kind: ClusterRole
	name: kube-system-admin
	apiGroup: rbac.authorization.k8s.io