Merge pull request #1490 from adrianludwin/cr-agg

Allow builtin 'admin' role to manage HNC objects

Author: k8s-ci-robot

incubator/hnc/config/rbac/hnc_admin.yaml

@@ -0,0 +1,18 @@
+
+---
+# This role is intended to be used by *humans*, and is aggregated to the
+# builtin 'admin' ClusterRole. By default, 'admin' doesn't get permissions
+# to custom resources (see issue #1341).
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: admin-role
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups:
+  - hnc.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - '*'

incubator/hnc/config/rbac/kustomization.yaml

@@ -1,6 +1,7 @@
 resources:
 - role.yaml
 - role_binding.yaml
+- hnc_admin.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
 # Comment the following 3 lines if you want to disable