From b84c9b4eeaf4194823b26fb5578897fb7b5f2a54 Mon Sep 17 00:00:00 2001 From: Jan Weitz Date: Thu, 1 Jun 2017 17:33:21 +0200 Subject: [PATCH] Add explainatory comments about configmap name --- examples/rbac/nginx/README.md | 17 ++++++++++++++++- .../nginx/nginx-ingress-controller-rbac.yml | 4 ++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/examples/rbac/nginx/README.md b/examples/rbac/nginx/README.md index dd9042d59..8452570e5 100644 --- a/examples/rbac/nginx/README.md +++ b/examples/rbac/nginx/README.md @@ -46,8 +46,23 @@ granted to the ClusterRole named `nginx-ingress-clusterrole` These permissions are granted specific to the nginx-ingress namespace. These permissions are granted to the Role named `nginx-ingress-role` -* `configmaps`, `pods`, `secrets`: get * `endpoints`: create, get, update +* `pods`, `secrets`: get + +Furthermore to support leader-election, the nginx-ingress-controller needs to +have access to a `configmap` using the resourceName `ingress-controller-leader-nginx` + +* `configmaps`: create, get, update (for resourceName `ingress-controller-leader-nginx`) + +This resourceName is the concatenation of the `election-id` and the +`ingress-class` as defined by the ingress-controller, which default to: + +* `election-id`: `ingress-controller-leader` +* `ingress-class`: `nginx` +* `resourceName` : `-` + +Please adapt accordingly if you overwrite either parameter when launching the +nginx-ingress-controller. ### Bindings diff --git a/examples/rbac/nginx/nginx-ingress-controller-rbac.yml b/examples/rbac/nginx/nginx-ingress-controller-rbac.yml index 556d60846..ce62de129 100644 --- a/examples/rbac/nginx/nginx-ingress-controller-rbac.yml +++ b/examples/rbac/nginx/nginx-ingress-controller-rbac.yml @@ -73,6 +73,10 @@ rules: resources: - configmaps resourceNames: + # Defaults to "-" + # Here: "-" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. - "ingress-controller-leader-nginx" verbs: - create