simple.yaml --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: # "namespace" omitted since ClusterRoles are not namespaced name: cluster-role-simple rules: - apiGroups: [""] # at the HTTP level, the name of the resource for accessing Secret # objects is "secrets" resources: ["secrets"] verbs: ["get", "watch", "list"] https://kubernetes.io/docs/reference/access-authn-authz/rbac/