Fix: Let armada reach all namespaces

These permissions are too generous for the long term, but resolve an
immediate issue where armada is unable to query and manage pods in other
namespaces.

Change-Id: Ib8137b7c7f1a42203be1a2842907aac6fde09468
This commit is contained in:
Mark Burnett 2018-02-16 09:08:07 -06:00 committed by Marshall Margenau
parent 73be096cea
commit ebc71ff8ec
1 changed files with 13 additions and 0 deletions

View File

@ -53,6 +53,19 @@ roleRef:
name: armada-api-runner
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: armada-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1beta1
kind: Deployment
metadata: