---
# JWT key material for the juwan namespace.
# The value under `data` is only base64-encoded, not encrypted: anyone who can
# read this manifest can recover the key.
# NOTE(review): the committed value decodes to the placeholder
# "your-secret-jwt-key-change-this-in-production". Replace it with a randomly
# generated key supplied at deploy time (secret manager or sealed/encrypted
# secret tooling) rather than committing the real key here.
apiVersion: v1
kind: Secret
metadata:
  name: jwt-secret
  namespace: juwan
type: Opaque
data:
  secret-key: eW91ci1zZWNyZXQtand0LWtleS1jaGFuZ2UtdGhpcy1pbi1wcm9kdWN0aW9u
---
# Identity for the user-rpc workload; bound to jwt-secret-reader below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: user-rpc
  namespace: juwan
---
# Identity for the envoy-gateway workload; bound to jwt-secret-reader below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: envoy-gateway
  namespace: juwan
---
# Least-privilege read access: `get` on the single Secret named jwt-secret.
# Keep the verb list at `get`; resourceNames does not constrain list/watch
# the same way, so adding them would widen the grant.
# NOTE(review): this Role only governs reads through the API server. A Secret
# mounted as a volume or env var is delivered by the kubelet, so rights to
# create pods in this namespace also need to be restricted.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jwt-secret-reader
  namespace: juwan
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    resourceNames:
      - jwt-secret
    verbs:
      - get
---
# Grants user-rpc read access to jwt-secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: user-rpc-jwt-secret-reader
  namespace: juwan
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jwt-secret-reader
subjects:
  - kind: ServiceAccount
    name: user-rpc
    namespace: juwan
---
# Grants envoy-gateway read access to the same jwt-secret.
# NOTE(review): if secret-key is a symmetric (HMAC) signing key, every reader
# can mint tokens as well as verify them. Presumably the gateway only
# verifies (confirm). An asymmetric key pair, with only the public key
# readable by the gateway, would limit what a compromised gateway can do.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: envoy-gateway-jwt-secret-reader
  namespace: juwan
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jwt-secret-reader
subjects:
  - kind: ServiceAccount
    name: envoy-gateway
    namespace: juwan