feat(rbac): new cluster role and binding ingress-admin

!6

templates/kubernetes-manifest-rbac.yaml.j2

@@ -132,6 +132,32 @@ rules:
       - list
       - watch
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    authorization/description: |-
+      Provide access for adding/editing/removing Ingress'.
+
+      This role is designed for a user who is responsible for the
+      cluster ingress.
+    authorization/target: namespace
+  name: authorization:cluster:ingress-admin
+rules:
+  - apiGroups:
+      - "*"
+    resources:
+      - pods
+      - nodes
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - delete
+
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -185,6 +211,20 @@ subjects:
   - kind: Group
     name: technician
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: authorization:ingress-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: authorization:cluster:ingress-admin
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: administrators
+
 
 # ---
 # kind: ClusterRoleBinding