service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
automountServiceAccountToken: false
---
apiVersion: v1
kind: Secret
metadata:
  name: jenkins-secret
  annotations:
    kubernetes.io/service-account.name: jenkins
type: kubernetes.io/service-account-token
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins-role
  namespace: default
rules: # ## Customize these to meet your requirements ##
- apiGroups: ["apps","autoscaling","extensions","policy","rbac.authorization.k8s.io","core","networking.k8s.io",""]
  resources: ["secrets","deployments","pods","daemonsets","configmaps","horizontalpodautoscalers","jobs","persistentvolumes","persistentvolumeclaims","replicasets","replicationcontrollers","services","endpoints","ingresses"]
  verbs: ["create","delete","get","list","patch","update","watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: global-rolebinding
  namespace: default
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default
roleRef:
  kind: Role
  name: jenkins-role
  apiGroup: rbac.authorization.k8s.io
---