---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cleanup-service-account
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cleanup-admin
subjects:
- kind: ServiceAccount
  name: cleanup-service-account
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
  name: verify-job
  namespace: kube-system
  labels:
    app: verify
spec:
  template:
    spec:
      containers:
      - name: verify
        image: rancher/rancher-cleanup:latest
        command: [ "verify.sh" ]
        imagePullPolicy: Always
      serviceAccountName: cleanup-service-account
      restartPolicy: Never
  backoffLimit: 0