apiVersion: v1 kind: ServiceAccount metadata: name: lionsdev-client namespace: lions-apps labels: app: lionsdev-client app.kubernetes.io/name: lionsdev-client app.kubernetes.io/part-of: lions-infrastructure app.kubernetes.io/managed-by: lionsctl automountServiceAccountToken: true --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: lionsdev-client-role namespace: lions-apps labels: app: lionsdev-client app.kubernetes.io/name: lionsdev-client app.kubernetes.io/part-of: lions-infrastructure app.kubernetes.io/managed-by: lionsctl rules: - apiGroups: [""] resources: ["configmaps", "secrets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["deployments", "replicasets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["services", "endpoints"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: lionsdev-client-rolebinding namespace: lions-apps labels: app: lionsdev-client app.kubernetes.io/name: lionsdev-client app.kubernetes.io/part-of: lions-infrastructure app.kubernetes.io/managed-by: lionsctl subjects: - kind: ServiceAccount name: lionsdev-client namespace: lions-apps roleRef: kind: Role name: lionsdev-client-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Secret metadata: name: registry-lions-dev namespace: lions-apps labels: app: lionsdev-client app.kubernetes.io/name: lionsdev-client app.kubernetes.io/part-of: lions-infrastructure app.kubernetes.io/managed-by: lionsctl type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5saW9ucy5kZXYiOnsidXNlcm5hbWUiOiJsaW9uc3JlZ2lzdHJ5IiwicGFzc3dvcmQiOiJMaW9uc1JlZ2lzdHJ5MjAyNSEiLCJhdXRoIjoiYkdsdmJuTnlaV2RwYzNSeWVUcE1hVzl1YzFKbFoybHpkSEo1TWpBeU5TRT0ifX19 # Base64 encoded Docker config for registry.lions.dev # Username: lionsregistry # Password: LionsRegistry2025!