examples/additional_ns_rbac.yaml
# RBAC rules for allowing the observer to access an additional namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tailscale
rules:
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tailscale
subjects:
- kind: ServiceAccount
name: tailscale
namespace: TS_NAMESPACE
roleRef:
kind: Role
name: tailscale
apiGroup: rbac.authorization.k8s.io