apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: woodpecker-ci-role
  namespace: woodpecker
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "pods/exec", "pods/status", "persistentvolumeclaims", "secrets"]
    verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: woodpecker-ci-binding
  namespace: woodpecker
subjects:
  - kind: ServiceAccount
    name: default
    namespace: woodpecker
roleRef:
  kind: Role
  name: woodpecker-ci-role
  apiGroup: rbac.authorization.k8s.io