Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / f40c9249ce62bad0654ede5abb03cb683353f805^! / .
commitf40c9249ce62bad0654ede5abb03cb683353f805[log] [tgz]
authorSerge Bazanski <q3k@hackerspace.pl>Sun Feb 07 19:23:43 2021 +0000
committerq3k <q3k@hackerspace.pl>Sun Feb 07 19:24:43 2021 +0000
treed25cbfaece206eb74b1744f2c49cb81d5a54e6dc
parent41bbf1436a253503f824ac7f639b9fac2e672acb [diff]
cluster/kube: allow system:admin-namespaces to modify ingresses

This will permit any binding to system:admin-namespaces (eg. personal-*
namespaces, per-namespace extra admin access like matrix-0x3c) the
ability to create and updates ingresses.

Change-Id: I522896ebe290fe982d6fe46b7b1d604d22b4f72c

diff --git a/cluster/kube/cluster.libsonnet b/cluster/kube/cluster.libsonnet
index c42ee8a..1826b0c 100644
--- a/cluster/kube/cluster.libsonnet
+++ b/cluster/kube/cluster.libsonnet

@@ -120,6 +120,11 @@
                     resources: ["jobs", "cronjobs"],
                     verbs: ["*"],
                 },
+                {
+                    apiGroups: ["networking.k8s.io"],
+                    resources: ["ingresses"],
+                    verbs: ["*"],
+                },
             ],
         },
         // This ClusterRoleBindings allows root access to cluster admins.