apiVersion: v1
kind: ServiceAccount
metadata:
  name: atat-deployer
  namespace: atat
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: atat
  name: atat-deploy-role
rules:
- apiGroups: ["extensions", "apps"]
  resources: ["deployments"]
  verbs: ["get", "watch", "create", "update", "patch"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "create", "update", "patch"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "create", "update", "patch"]
- apiGroups: ["extensions", "apps"]
  resources: ["ingresses"]
  verbs: ["get", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: atst-role-binding
  namespace: atat
subjects:
- kind: ServiceAccount
  name: atat-deployer
  namespace: atat
- kind: ServiceAccount
  name: atat-deployer
  namespace: atat-test
roleRef:
  kind: Role
  name: atat-deploy-role
  apiGroup: rbac.authorization.k8s.io