apiVersion: v1
kind: ServiceAccount
metadata:
  name: falco-account
  labels:
    app: falco-example
    role: security
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: falco-cluster-role
  labels:
    app: falco-example
    role: security
rules:
  - apiGroups: ["extensions",""]
    resources: ["nodes","namespaces","pods","replicationcontrollers","replicasets","services","daemonsets","deployments","events","configmaps"]
    verbs: ["get","list","watch"]
  - nonResourceURLs: ["/healthz", "/healthz/*"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: falco-cluster-role-binding
  namespace: default
  labels:
    app: falco-example
    role: security
subjects:
  - kind: ServiceAccount
    name: falco-account
    namespace: default
roleRef:
  kind: ClusterRole
  name: falco-cluster-role
  apiGroup: rbac.authorization.k8s.io