apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: default-sa-reader-lab labels: kiamol: ch17-lab rules: - apiGroups: [""] #core resources: ["serviceaccounts"] verbs: ["get", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kube-explorer-lab-sa-default namespace: default labels: kiamol: ch17-lab subjects: - kind: ServiceAccount name: kube-explorer-lab namespace: kiamol-ch17-lab roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: default-sa-reader-lab --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kube-explorer-lab-sa-ns namespace: kiamol-ch17-lab labels: kiamol: ch17-lab subjects: - kind: ServiceAccount name: kube-explorer-lab namespace: kiamol-ch17-lab roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: default-sa-reader-lab