---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: airwave-rbac
  name: airwave-rbac-su-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows the user "dar" to read pods in the "airwave-rbac" namespace.
kind: RoleBinding
metadata:
  name: airwave-rbac-su-binding
  namespace: airwave-rbac
subjects:
- kind: Group
  name: superusers # Name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role #this must be Role or ClusterRole
  name: airwave-rbac-su-role # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io
# User Account in the form of a ServiceAccount
# This part will be auto-generated