cluster/kube: allow system:admin-namespaces to modify ingresses
This will permit any binding to system:admin-namespaces (eg. personal-*
namespaces, per-namespace extra admin access like matrix-0x3c) the
ability to create and updates ingresses.
Change-Id: I522896ebe290fe982d6fe46b7b1d604d22b4f72c
diff --git a/cluster/kube/cluster.libsonnet b/cluster/kube/cluster.libsonnet
index c42ee8a..1826b0c 100644
--- a/cluster/kube/cluster.libsonnet
+++ b/cluster/kube/cluster.libsonnet
@@ -120,6 +120,11 @@
resources: ["jobs", "cronjobs"],
verbs: ["*"],
},
+ {
+ apiGroups: ["networking.k8s.io"],
+ resources: ["ingresses"],
+ verbs: ["*"],
+ },
],
},
// This ClusterRoleBindings allows root access to cluster admins.