---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: qinling
rules:
  - apiGroups: [""]
    resources: ["nodes", "namespaces"]
    verbs: ["list"]
  - apiGroups: [""]
    resources: ["namespaces"]
    resourceNames: ["qinling"]
    verbs: ["create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: qinling
subjects:
- kind: User
  name: qinling
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: qinling
  apiGroup: rbac.authorization.k8s.io
---
# The qinling namespace should be created for the role and rolebinding
apiVersion: v1
kind: Namespace
metadata:
  name: qinling
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: qinling
  namespace: qinling
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["list", "get", "create", "delete"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list", "get", "create", "patch", "delete", "deletecollection"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
- apiGroups: ["extensions"]
  resources: ["deployments"]
  verbs: ["get", "create", "patch", "deletecollection"]
- apiGroups: ["extensions"]
  resources: ["deployments/rollback"]
  verbs: ["create"]
- apiGroups: ["extensions"]
  resources: ["deployments/status"]
  verbs: ["get"]
- apiGroups: ["extensions"]
  resources: ["replicasets"]
  verbs: ["deletecollection"]
- apiGroups: ["extensions"]
  resources: ["networkpolicies"]
  verbs: ["list", "get", "create", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: qinling
  namespace: qinling
subjects:
- kind: User
  name: qinling
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: qinling
  apiGroup: rbac.authorization.k8s.io