apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubeinvaders
  labels:
    app: kubeinvaders
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "watch", "list", "delete"]
- apiGroups: ["batch", "extensions"]
  resources: ["jobs"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubeinvaders
  labels:
    app: kubeinvaders
subjects:
- kind: ServiceAccount
  name: kubeinvaders
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeinvaders