apiVersion: v1
kind: Namespace
metadata:
  name: profitap

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-sa1
  namespace: profitap

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: my-cluster-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["delete", "list", "create"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
- apiGroups: [""]
  resources: ["services", "namespaces"]
  verbs: ["delete", "create"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "delete", "create"]
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["create", "delete"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingressclasses"]
  verbs: ["list"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: my-cluster-role-binding
subjects:
- kind: ServiceAccount
  name: my-sa1
  namespace: profitap
roleRef:
  kind: ClusterRole
  name: my-cluster-role
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: v1
kind: Secret
metadata:
  name: my-sa1-token
  annotations:
    kubernetes.io/service-account.name: my-sa1
  namespace: profitap
type: kubernetes.io/service-account-token