apiVersion: v1
kind: ServiceAccount
metadata:
  name: sit-robot
  namespace: tpex-sitlocal-robot


---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: tpex-sitlocal-robot
  name: pod-operator
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "create","watch","delete"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list","create","watch","delete"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: prod-pod-binding
  namespace: tpex-sitlocal-robot
subjects:
- kind: ServiceAccount
  name: sit-robot
  namespace: tpex-sitlocal-robot
roleRef:
  kind: Role
  name: pod-operator
  apiGroup: rbac.authorization.k8s.io