---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: local-storage-admin
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: local-storage-provisioner-pv-binding
  namespace: {{ system_namespace }}
subjects:
- kind: ServiceAccount
  name: local-storage-admin
  namespace: {{ system_namespace }}
roleRef:
  kind: ClusterRole
  name: system:persistent-volume-provisioner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: local-storage-provisioner-node-binding
  namespace: {{ system_namespace }}
subjects:
- kind: ServiceAccount
  name: local-storage-admin
  namespace: {{ system_namespace }}
roleRef:
  kind: ClusterRole
  name: system:node
  apiGroup: rbac.authorization.k8s.io