Fix #798 - RBAC for leader election
Using gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7 the nginx-controller needs to handle leader-election via configmaps. To perform the leader-election the nginx-controller needs to have the appropiate RBAC permissions. Previously to this fix, the following errors occured: - cannot get configmaps in the namespace "NAMESPACE_PLACEHOLDER". (get configmaps ingress-controller-leader-nginx) - initially creating leader election record: User "system:serviceaccount:NAMESPACE_PLACEHOLDER" cannot create configmaps in the namespace "NAMESPACE_PLACEHOLDER". (post configmaps)
This commit is contained in:
Jan Weitz
parent
a6bba68233
commit
cfef9986e7
1 changed files with 10 additions and 1 deletions
|
|
@ -64,11 +64,20 @@ rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
- configmaps
|
|
||||||
- pods
|
- pods
|
||||||
- secrets
|
- secrets
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
resourceNames:
|
||||||
|
- "ingress-controller-leader-nginx"
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- update
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue