+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}-{{ $releaseName }}-e2sim-access
+ namespace: {{ $e2simNamespace }}
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/log", "pods/exec", "services"]
+ verbs: ["get", "list"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets", "replicasets", "statefulsets"]
+ verbs: ["get", "list"]
+- apiGroups: ["extensions"]
+ resources: ["daemonsets", "replicasets"]
+ verbs: ["get", "list"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "patch"]
+- apiGroups: ["extensions"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}-{{ $releaseName }}-e2sim-access
+ namespace: {{ $e2simNamespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}-{{ $releaseName }}-e2sim-access
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ .Release.Namespace }}