kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: drone
  name: drone
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create", "delete"]
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "create", "delete", "list", "watch", "update"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: drone
subjects:
- kind: ServiceAccount
  name: default
  namespace: drone
roleRef:
  kind: Role
  name: drone
  apiGroup: rbac.authorization.k8s.io