apiVersion: v1
kind: ServiceAccount
metadata:
  name: corednsctl
  namespace: corednsctl
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: corednsctl
rules:
- resources:
  - daemonsets
  apiGroups:
  - apps
  verbs:
  - get
  - list
  - watch
  - create
  - patch
  - update
  - delete
- resources:
  - deployments
  apiGroups:
  - apps
  verbs:
  - get
  - list
  - watch
  - create
  - patch
  - update
  - delete
- resources:
  - services
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
  - patch
  - update
  - create
- resources:
  - configmaps
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: corednsctl
roleRef:
  name: corednsctl
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: corednsctl
  namespace: corednsctl
  kind: ServiceAccount