Fix sipcluster-infra-service ClusterRole

SIP needs permission to create, modify, and watch deployments. While
deployments is listed in one of the SIP ClusterRoles, the apiGroup apps
is not present, so SIP cannot watch deplyoments that manage
infrastructure services. This change adds the missing apiGroup.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Ie376649cd67a82501c72d3ffdbb67cfe6e802934

config/rbac/auth_proxy_role_binding.yaml

@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: sip-cluster-system
+  namespace: sipcluster-system

config/rbac/leader_election_role_binding.yaml

@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: sip-cluster-system
+  namespace: sipcluster-system

config/rbac/role_binding.yaml

@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: sip-cluster-system
+  namespace: sipcluster-system

config/rbac/sipcluster_scheduler_binding.yaml

@@ -10,7 +10,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: sip-cluster-system
+  namespace: sipcluster-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -23,7 +23,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: sip-cluster-system
+  namespace: sipcluster-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -36,4 +36,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: sip-cluster-system
+  namespace: sipcluster-system

config/rbac/sipcluster_scheduler_role.yaml

@@ -50,7 +50,6 @@ rules:
   - ""
   resources:
   - namespaces
-  - deployments
   - secrets
   verbs:
   - create
@@ -67,8 +66,10 @@ metadata:
 rules:
 - apiGroups:
   - ""
+  - apps
   resources:
   - configmaps
+  - deployments
   - services
   verbs:
   - create