apiVersion: v1
kind: Namespace
metadata:
  name: "${CLUSTER_NAME}"
  labels:
    toolkit.fluxcd.io/tenant: sre-team
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    toolkit.fluxcd.io/tenant: sre-team
  name: flux-restricted
  namespace: "${CLUSTER_NAME}"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    toolkit.fluxcd.io/tenant: sre-team
  name: flux-cluster-admin
  namespace: "${CLUSTER_NAME}"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: sre-team
  name: flux-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: flux-cluster-admin
    namespace: "${CLUSTER_NAME}"