apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns-ci
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: coredns-configmap-editor
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["coredns-custom"]
    verbs: ["get", "update", "patch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: ["coredns"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: coredns-ci-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: coredns-configmap-editor
subjects:
  - kind: ServiceAccount
    name: coredns-ci
    namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
  name: coredns-ci-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: coredns-ci
type: kubernetes.io/service-account-token