---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: drone-kubernetes-secrets
  namespace: development
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-kubernetes-secrets
  namespace: development
subjects:
  - kind: ServiceAccount
    name: drone-kubernetes-secrets
roleRef:
  kind: Role
  name: drone-kubernetes-secrets
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-edit-media
  namespace: media
subjects:
  - kind: ServiceAccount
    name: default
    namespace: development
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io