ALB ingress: update rbac clusterrole and remove role

roles/kubernetes-apps/alb_ingress_controller/tasks/main.yml

@@ -17,8 +17,6 @@
     - { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding }
     - { name: alb-ingress-ns, file: alb-ingress-ns.yml, type: ns }
     - { name: alb-ingress-sa, file: alb-ingress-sa.yml, type: sa }
-    - { name: alb-ingress-role, file: alb-ingress-role.yml, type: role }
-    - { name: alb-ingress-rolebinding, file: alb-ingress-rolebinding.yml, type: rolebinding }
     - { name: alb-ingress-deploy, file: alb-ingress-deploy.yml, type: deploy }
   register: alb_ingress_manifests
   when:

roles/kubernetes-apps/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2

@@ -5,21 +5,9 @@ metadata:
   name: alb-ingress
   namespace: {{ alb_ingress_controller_namespace }}
 rules:
-  - apiGroups: [""]
-    resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"]
-    verbs: ["list", "watch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get"]
-  - apiGroups: [""]
-    resources: ["services"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["extensions"]
-    resources: ["ingresses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-  - apiGroups: ["extensions"]
-    resources: ["ingresses/status"]
-    verbs: ["update"]
+  - apiGroups: ["", "extensions"]
+    resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "events", "ingresses", "ingresses/status", "services"]
+    verbs: ["list", "create", "get", "update", "watch", "patch"]
+  - apiGroups: ["", "extensions"]
+    resources: ["nodes", "pods", "secrets", "services", "namespaces"]
+    verbs: ["get", "list", "watch"]