samcre/deploy-rolebinding.yaml

## deploy-rolebinding.yaml
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
 name: deployer-binding
 namespace: ${NAMESPACE}
subjects:
 - kind: Group
   name: deploys
   namespace: ${NAMESPACE}
   apiGroup: rbac.authorization.k8s.io
roleRef:
 kind: Role
 name: deployer
 apiGroup: rbac.authorization.k8s.io

## deploys-role.yaml
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
 name: deployer
 namespace: ${NAMESPACE}
rules:
- apiGroups: ["apps", "extensions"]
 resources: ["deployments"]
 verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""] # "" indicates the core API group
 resources: ["configmaps", "secrets"]
 verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""] # "" indicates the core API group
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: deployer-binding
	namespace: ${NAMESPACE}
	subjects:
	- kind: Group
	name: deploys
	namespace: ${NAMESPACE}
	apiGroup: rbac.authorization.k8s.io
	roleRef:
	kind: Role
	name: deployer
	apiGroup: rbac.authorization.k8s.io