---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-azuredisk-node-sa
  namespace: kube-system

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-azuredisk-node-secret-role
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-azuredisk-node-secret-binding
subjects:
  - kind: ServiceAccount
    name: csi-azuredisk-node-sa
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: csi-azuredisk-node-secret-role
  apiGroup: rbac.authorization.k8s.io