ingress-nginx-helm/charts/ingress-nginx/templates/controller-role.yaml

{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
  name: {{ include "ingress-nginx.fullname" . }}
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
{{- if .Values.podSecurityPolicy.enabled }}
  - apiGroups:      [{{ template "podSecurityPolicy.apiGroup" . }}]
    resources:      ['podsecuritypolicies']
    verbs:          ['use']
    resourceNames:  [{{ include "ingress-nginx.fullname" . }}]
{{- end }}
{{- end }}
Start migration of helm chart (#5159) 2020-02-24 19:25:57 +00:00			`{{- if .Values.rbac.create -}}`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`labels:`
Update helm templates to match new chart name 2020-02-28 14:53:24 +00:00			`{{- include "ingress-nginx.labels" . \| nindent 4 }}`
Hardcode component names. By removing this, we reduce unecessary config options and moving parts. Signed-off-by: Naseem <naseem@transit.app> 2020-03-04 02:53:23 +00:00			`app.kubernetes.io/component: controller`
			`name: {{ include "ingress-nginx.fullname" . }}`
Start migration of helm chart (#5159) 2020-02-24 19:25:57 +00:00			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- namespaces`
			`verbs:`
			`- get`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`- pods`
			`- secrets`
			`- endpoints`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- services`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- extensions`
			`- "networking.k8s.io" # k8s 1.14+`
			`resources:`
			`- ingresses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- extensions`
			`- "networking.k8s.io" # k8s 1.14+`
			`resources:`
			`- ingresses/status`
			`verbs:`
			`- update`
Add support for IngressClass and ingress.class annotation 2020-04-20 21:38:50 +00:00			`- apiGroups:`
			`- "networking.k8s.io" # k8s 1.14+`
			`resources:`
			`- ingressclasses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
Start migration of helm chart (#5159) 2020-02-24 19:25:57 +00:00			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`resourceNames:`
			`- {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}`
			`verbs:`
			`- get`
			`- update`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`verbs:`
			`- create`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- events`
			`verbs:`
			`- create`
			`- patch`
			`{{- if .Values.podSecurityPolicy.enabled }}`
Cleanup chart code 2020-03-02 14:49:26 +00:00			`- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]`
Start migration of helm chart (#5159) 2020-02-24 19:25:57 +00:00			`resources: ['podsecuritypolicies']`
			`verbs: ['use']`
Hardcode component names. By removing this, we reduce unecessary config options and moving parts. Signed-off-by: Naseem <naseem@transit.app> 2020-03-04 02:53:23 +00:00			`resourceNames: [{{ include "ingress-nginx.fullname" . }}]`
Cleanup chart code 2020-03-02 14:49:26 +00:00			`{{- end }}`
Start migration of helm chart (#5159) 2020-02-24 19:25:57 +00:00			`{{- end }}`