---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kafka
  namespace: kafka
automountServiceAccountToken: true
---
# Sufficient rights to look up self's pod description and pod's node description
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: node-reader
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kafka-node-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-reader
subjects:
- kind: ServiceAccount
  name: kafka
  namespace: kafka