---
# AD/Samba group "Kubernetes Admins" members have full access
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-admins
subjects:
- kind: Group
  name: "Kubernetes Admins"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
# AD/Samba group "Developers" members have view access for everything
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-developers
subjects:
- kind: Group
  name: Developers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers
  namespace: camtiler
subjects:
- kind: Group
  name: Developers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: developers
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers
  namespace: members-site
subjects:
- kind: Group
  name: Developers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: developers
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developers
rules:
  - verbs:
      - create
      - delete
      - patch
      - update
    apiGroups:
      - ''
    resources:
      - configmaps
      - pods/attach
      - pods/exec
      - pods/portforward
      - pods/proxy
  - verbs:
      - patch
    apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
      - deployments/scale
      - statefulsets/scale
  - verbs:
      - delete
    apiGroups:
      - ''
    resources:
      - pods