app/matrix: allow not7cd access to matrix-0x3c

Change-Id: Iba9edfdfd2d05701e1266c279ec2f4881fa3505e
diff --git a/app/matrix/global.jsonnet b/app/matrix/global.jsonnet
new file mode 100644
index 0000000..a829745
--- /dev/null
+++ b/app/matrix/global.jsonnet
@@ -0,0 +1,24 @@
+local kube = import "../../kube/kube.libsonnet";
+
+// Global resources specific to Matrix deployments. Currently this is only RBAC objects.
+
+{
+    // Allow non-staff admin access to matrix.0x3c.pl.
+    admin0x3c: kube.RoleBinding("admins") {
+        metadata+: {
+            namespace: "matrix-0x3c",
+        },
+        roleRef: {
+            apiGroup: "rbac.authorization.k8s.io",
+            kind: "ClusterRole",
+            name: "system:admin-namespace",
+        },
+        subjects: [
+            {
+                apiGroup: "rbac.authorization.k8s.io",
+                kind: "User",
+                name: "not7cd@hackerspace.pl",
+            },
+        ],
+    },
+}
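Review bot: The `admin0x3c` binding gives a non-staff user the `system:admin-namespace` ClusterRole, but nothing in this file says what that role permits, and its definition is not part of this diff. Before merging, confirm whether it includes read access to Secrets and write access to Roles/RoleBindings in `matrix-0x3c`. If it does, the bound user could read the deployment's credentials and grant further access inside the namespace. Because this is a `RoleBinding` and not a `ClusterRoleBinding`, the grant stays scoped to that one namespace, and the comment should say so, for example `// not7cd@hackerspace.pl is a non-staff operator of matrix.0x3c.pl; namespace-scoped only (RoleBinding), remove this entry when they stop operating it.` The subject is a single named `User`, so revoking access means editing this file; a comment noting that would help with offboarding.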