github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/crier_rbac.yaml

# Copyright 2019 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
kind: ServiceAccount
apiVersion: v1
metadata:
  annotations:
    iam.gke.io/gcp-service-account: control-plane@k8s-prow.iam.gserviceaccount.com
  name: crier
  namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: crier
rules:
- apiGroups:
    - "prow.k8s.io"
  resources:
    - "prowjobs"
  verbs:
    - "get"
    - "watch"
    - "list"
    - "patch"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: test-pods
  name: crier
rules:
- apiGroups:
    - ""
  resources:
    - "pods"
    - "events"
  verbs:
    - "get"
    - "list"
- apiGroups:
    - ""
  resources:
    - "pods"
  verbs:
    - "patch"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: crier-namespaced
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: crier
subjects:
- kind: ServiceAccount
  name: crier
  namespace: default
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: crier-namespaced
  namespace: test-pods
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: crier
subjects:
- kind: ServiceAccount
  name: crier
  namespace: default