apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: git-limbosolutions-com
  name: continuous-deploy
rules:
- apiGroups: [""]
  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints", "serviceaccounts"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]

- apiGroups: ["apps"]
  resources: ["deployments", "statefulsets"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]

- apiGroups: ["batch"]
  resources: ["cronjobs", "jobs"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

- apiGroups: ["networking.k8s.io"]
  resources: ["networkpolicies"]
  verbs: ["get", "list", "watch", "patch", "update"]

- apiGroups: ["policy"]
  resources: ["poddisruptionbudgets"]
  verbs: ["get", "list", "watch", "update", "patch"]


---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: continuous-deploy
  namespace:  git-limbosolutions-com
subjects:
- kind: ServiceAccount
  name: continuous-deploy
  namespace: git-limbosolutions-com
roleRef:
  kind: Role
  name: continuous-deploy
  apiGroup: rbac.authorization.k8s.io