kubeshark/examples/roles/permissions-ns-debug-optional.yaml

# This example shows permissions that enrich the logs with additional info in namespace-restricted mode
# Optional with `mizu-tap`
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: mizu-runner-debug-role
  namespace: user1
rules:
- apiGroups: ["events.k8s.io"]
  resources: ["events"]
  verbs: ["watch"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: mizu-runner-debug-rolebindings
  namespace: user1
subjects:
- kind: User
  name: user1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: mizu-runner-debug-role
  apiGroup: rbac.authorization.k8s.io