apiVersion: v1
kind: ServiceAccount
metadata:
  name: bruce-operator
  namespace: bruce
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: bruce-operator
  labels:
    k8s-app: bruce-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: bruce-operator
  namespace: bruce
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: bruce-operator
  namespace: bruce
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bruce-operator
subjects:
- kind: ServiceAccount
  name: bruce-operator
  namespace: bruce
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bruce-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: bruce-operator
  template:
    metadata:
      labels:
        name: bruce-operator
      namespace: bruce
    spec:
      serviceAccountName: bruce-operator
      containers:
        - name: bruce-operator
          image: kennethreitz/bruce-operator:latest
          imagePullPolicy: Always
          env:
            - name: WATCH_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace