kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: chaos-mesh
  name: account-cluster-manager-kbpcu

---
apiVersion: v1
kind: Secret
metadata:
  name: chaos-mesh-dashboard
  namespace: chaos-mesh
  annotations:
    kubernetes.io/service-account.name: "account-cluster-manager-kbpcu"
type: kubernetes.io/service-account-token

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: role-cluster-manager-kbpcu
rules:
- apiGroups: [""]
  resources: ["pods", "namespaces"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["chaos-mesh.org"]
  resources: ["*"]
  verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bind-cluster-manager-kbpcu
subjects:
- kind: ServiceAccount
  name: account-cluster-manager-kbpcu
  namespace: chaos-mesh
roleRef:
  kind: ClusterRole
  name: role-cluster-manager-kbpcu
  apiGroup: rbac.authorization.k8s.io