app/matrix: allow not7cd access to matrix-0x3c

Change-Id: Iba9edfdfd2d05701e1266c279ec2f4881fa3505e
2020-11-11 23:39:48 +01:00 · 2020-11-11 23:39:48 +01:00 · 21e9f7aaea
parent 2117416052
commit 21e9f7aaea
1 changed files with 24 additions and 0 deletions
--- a/app/matrix/global.jsonnet
+++ b/app/matrix/global.jsonnet
@ -0,0 +1,24 @@
+local kube = import "../../kube/kube.libsonnet";
+
+// Global resources specific to Matrix deployments. Currently this is only RBAC objects.
+
+{
+    // Allow non-staff admin access to matrix.0x3c.pl.
+    admin0x3c: kube.RoleBinding("admins") {
+        metadata+: {
+            namespace: "matrix-0x3c",
+        },
+        roleRef: {
+            apiGroup: "rbac.authorization.k8s.io",
+            kind: "ClusterRole",
+            name: "system:admin-namespace",
+        },
+        subjects: [
+            {
+                apiGroup: "rbac.authorization.k8s.io",
+                kind: "User",
+                name: "not7cd@hackerspace.pl",
+            },
+        ],
+    },
+}