From a8c5110f6576e560ed29d34dbcd6f7fad8537e0f Mon Sep 17 00:00:00 2001
From: Swetha Repakula <srepakula@google.com>
Date: Mon, 8 Mar 2021 14:52:50 -0800
Subject: [PATCH] Add GLBC roles for IngressClass & GCPIngressParams

---
 cluster/addons/rbac/cluster-loadbalancing/glbc/roles.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cluster/addons/rbac/cluster-loadbalancing/glbc/roles.yaml b/cluster/addons/rbac/cluster-loadbalancing/glbc/roles.yaml
index 3e7736c2f9d..509985ced0f 100644
--- a/cluster/addons/rbac/cluster-loadbalancing/glbc/roles.yaml
+++ b/cluster/addons/rbac/cluster-loadbalancing/glbc/roles.yaml
@@ -47,6 +47,8 @@ rules:
 # GLBC ensures that the `cloud.google.com/backendconfigs` and `networking.gke.io/servicenetworkendpointgroups` CRD exists in a desired state:
 # https://github.com/kubernetes/ingress-gce/blob/5c3fcb5845e74b92ea8bd52929b15fc5c9fa7970/cmd/glbc/main.go#L108
 # https://github.com/kubernetes/ingress-gce/blob/5c3fcb5845e74b92ea8bd52929b15fc5c9fa7970/cmd/glbc/main.go#L133
+# GLBC creates and updates `networking.gke.io/GCPIngressParams`
+# https://github.com/kubernetes/ingress-gce/blob/7f0928629c85e7a54c6af9e6e490ac89d057461a/cmd/glbc/main.go#L151-L162
 # TODO(rramkumar1): https://github.com/kubernetes/ingress-gce/issues/744
 - apiGroups: ["apiextensions.k8s.io"]
   resources: ["customresourcedefinitions"]
@@ -55,5 +57,9 @@ rules:
   resources: ["backendconfigs"]
   verbs: ["get", "list", "watch", "update", "create", "patch"]
 - apiGroups: ["networking.gke.io"]
-  resources: ["servicenetworkendpointgroups"]
+  resources: ["servicenetworkendpointgroups","gcpingressparams"]
+  verbs: ["get", "list", "watch", "update", "create", "patch"]
+# GLBC creates and updates `networking.k8s.io/IngressClass`
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingressclasses"]
   verbs: ["get", "list", "watch", "update", "create", "patch"]