restrict phoenix RBAC to minimum permissions

phoenix/rbac.yaml

@@ -10,12 +10,14 @@ metadata:
   name: phoenix-role
   namespace: web
 rules:
-- apiGroups: [""]
+- apiGroups:
-  resources: ["*"]
+  - "apps"
-  verbs: ["get", "watch", "list"]
+  resources:
-- apiGroups: ["apps"]
+  - deployments
-  resources: ["*"]
+  resourceNames:
-  verbs: ["get", "watch", "list"]
+  - phoenix-app
+  verbs:
+  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding