modify wargames role so user can access warnet dashboard

Author: pinheadmz

resources/charts/namespaces/templates/role.yaml

@@ -1,10 +1,9 @@
 {{- range .Values.roles }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
   name: {{ .name }}
-  namespace: {{ $.Values.namespaceName | default $.Release.Name }}
 rules:
 {{ toYaml .rules | indent 2 }}
 {{- end }}

resources/charts/namespaces/templates/rolebinding.yaml

@@ -1,18 +1,22 @@
 {{- range $user := .Values.users }}
-{{- range $role := $user.roles }}
+{{- range $roleName := $user.roles }}
+{{- range $r := $.Values.roles }}
+{{- if eq $r.name $roleName }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ $.Release.Name }}-{{ $role }}-{{ $user.name }}
-  namespace: {{ $.Values.namespaceName | default $.Release.Name }}
+  name: {{ $.Release.Name }}-{{ $roleName }}-{{ $user.name }}
+  namespace: {{ $r.namespaceName | default $.Values.namespaceName | default $.Release.Name }}
 subjects:
 - kind: ServiceAccount
   name: {{ $user.name }}
   namespace: {{ $.Values.namespaceName | default $.Release.Name }}
 roleRef:
-  kind: Role
-  name: {{ $role }}
+  kind: ClusterRole
+  name: {{ $roleName }}
   apiGroup: rbac.authorization.k8s.io
 {{- end }}
 {{- end }}
+{{- end }}
+{{- end }}

resources/charts/namespaces/values.yaml

@@ -3,6 +3,8 @@ users:
     roles:
       - pod-viewer
       - pod-manager
+      - ingress-viewer
+      - ingress-controller-viewer
 roles:
   - name: pod-viewer
     rules:
@@ -44,3 +46,15 @@ roles:
       - apiGroups: [""]
         resources: ["events", "pods/status"]
         verbs: ["get"]
+  - name: ingress-viewer
+    namespaceName: ingress
+    rules:
+      - apiGroups: [""]
+        resources: ["pods"]
+        verbs: ["list", "get", "watch"]
+  - name: ingress-controller-viewer
+    namespaceName: warnet-logging
+    rules:
+      - apiGroups: ["networking.k8s.io"]
+        resources: ["ingresses"]
+        verbs: ["list", "get", "watch"]