apiVersion: v1 kind: ServiceAccount metadata: name: firewallctl namespace: firewallctl --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: firewallctl rules: - resources: - clusterfirewall apiGroups: - dsds.edge.ncr.com verbs: - get - list - watch - create - update - patch - resources: - nodefirewall apiGroups: - dsds.edge.ncr.com verbs: - get - list - watch - create - update - delete - patch - resources: - nodes apiGroups: - "" verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: firewallctl roleRef: name: firewallctl kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: firewallctl namespace: firewallctl kind: ServiceAccount