Fix: Let armada reach all namespaces

These permissions are too generous for the long term, but resolve an
immediate issue where armada is unable to query and manage pods in other
namespaces.

Change-Id: Ib8137b7c7f1a42203be1a2842907aac6fde09468

charts/armada/templates/deployment-api.yaml

@@ -53,6 +53,19 @@ roleRef:
   name: armada-api-runner
   apiGroup: rbac.authorization.k8s.io
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: armada-cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccountName }}
+    namespace: {{ .Release.Namespace }}
+---
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata: