[CORE-669] Add permission to create ingress (gruntwork-io#27)

Adds a permission that's required for creating ingresses. The reason we needed this is because the K8s deployer that's used in dogfood accounts will `apply` both Aperture and mission-control k8s services. Those services create ingresses so if the deployer doesn't have this permission then it can't function. Note: This was previously not required in older versions of EKS but is now needed.
gads-citron · Apr 6, 2023 · cd29464 · cd29464
1 parent fe9b05a
commit cd29464
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/modules/namespace-roles/main.tf b/modules/namespace-roles/main.tf
@@ -117,6 +117,7 @@ resource "kubernetes_role" "rbac_helm_resource_access" {
       "extensions",
       "apps",
       "rbac.authorization.k8s.io", # We include RBAC here because many helm charts create RBAC roles to minimize pod access.
+      "networking.k8s.io",         # Grants access to create Ingress objects.
     ]
 
     resources = ["*"]