# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kube-proxy
subjects:
  - kind: User
    name: kube-proxy
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-proxy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-proxy-role
rules:
  -
    apiGroups:
      - ""
    resources:
      - endpoints
      - events
      - services
      - nodes
    verbs: ["get", "watch", "list"]
  - nonResourceURLs: ["*"]
    verbs: ["get", "watch", "list"]

  -
    apiGroups:
      - ""
    resources:
      - events
    verbs: ["*"]
  - nonResourceURLs: ["*"]
    verbs: ["*"]