apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: anyway-backend
  name: deployment-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
    - pods
    - services
    - deployments
    - ingresses
  verbs:
    - create
    - delete
    - deletecollection
    - get
    - list
    - patch
    - update
    - watch

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployment-rolebinding
  namespace: anyway-backend
subjects:
- kind: ServiceAccount
  name: deployment-sa
  namespace: anyway-backend
roleRef:
  kind: Role
  name: deployment-role
  apiGroup: rbac.authorization.k8s.io

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: deployment-sa
  namespace: anyway-backend
automountServiceAccountToken: false

---

apiVersion: v1
kind: Secret
metadata:
  namespace: anyway-backend
  name: deployment-token-secret
  annotations:
    kubernetes.io/service-account.name: deployment-sa
type: kubernetes.io/service-account-token