--- apiVersion: v1 kind: ServiceAccount metadata: name: awx --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: pod-manager rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["pods/exec"] verbs: ["create"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: awx-pod-manager subjects: - kind: ServiceAccount name: awx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pod-manager