Question
A new member Ben joins your company. He is getting on-boarded and needs access to list and view the deployments.
Create a new cluster-wide role called read-only-cluster and a binding named read-only-cluster-binding to grant the necessary permissions to Ben.
Certificates for user ben were set up already.
Answer
Use imperative commands:
kubectl create clusterrole read-only-cluster --resource=deployments --verb=get,list
kubectl create clusterrolebinding read-only-cluster-binding --clusterrole=read-only-cluster --user=ben
Verify:
kubectl auth can-i get deploy --as ben
kubectl auth can-i list deploy --as ben
You should get yes for both.
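The declarative equivalent of the two imperative commands, as an added example that is not part of the original answer. It spells out what kubectl fills in for you: deployments live in the apps API group, and the binding subject is a User. It assumes the user name in Ben's certificate (the CN) is ben.

```yaml
# ClusterRole: read-only access to deployments in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-only-cluster
rules:
- apiGroups: ["apps"]          # deployments belong to the apps API group
  resources: ["deployments"]
  verbs: ["get", "list"]       # no create, update, patch, delete or watch
---
# ClusterRoleBinding: grants the ClusterRole above to the user ben.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-cluster-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-only-cluster
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: ben                    # assumption: matches the CN of Ben's client certificate
```

To confirm the grant is no wider than intended, kubectl auth can-i delete deploy --as ben should answer no.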