# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

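# Service account that the RoleBinding and ClusterRoleBinding in this file
# attach the nginx-ingress Role and ClusterRole to.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  # Quoted so that an unset, all-digit or boolean-looking value still renders
  # as a YAML string rather than null, an integer or a boolean.
  namespace: {{ .Values.global.namespace | quote }}
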
---

# Cluster-scoped permissions for the nginx-ingress service account.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes
# 1.22 (rbac.authorization.k8s.io/v1 has been served since 1.8); confirm the
# target cluster version before reusing this manifest.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
rules:
  # Read-only enumeration in every namespace. list/watch on secrets returns
  # full Secret objects, so this rule lets the bound service account read
  # every Secret in the cluster.
  # NOTE(review): if Ingresses are only served from selected namespaces,
  # check whether secrets can be granted through namespaced Roles instead.
  - apiGroups: [""]
    resources: [configmaps, endpoints, nodes, pods, secrets]
    verbs: [list, watch]
  # Fetch individual Node objects by name.
  - apiGroups: [""]
    resources: [nodes]
    verbs: [get]
  # Read access to Services.
  - apiGroups: [""]
    resources: [services]
    verbs: [get, list, watch]
  # Read access to Ingress objects in the "extensions" API group.
  - apiGroups: ["extensions"]
    resources: [ingresses]
    verbs: [get, list, watch]
  # Emit and amend Events; no read access to events is granted.
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  # Write access limited to the status subresource of Ingress objects.
  - apiGroups: ["extensions"]
    resources: [ingresses/status]
    verbs: [update]

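---

# Namespaced permissions for the nginx-ingress service account, valid only
# inside the namespace taken from .Values.global.namespace.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes
# 1.22 (rbac.authorization.k8s.io/v1 has been served since 1.8); confirm the
# target cluster version before reusing this manifest.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  # Quoted so that an unset, all-digit or boolean-looking value still renders
  # as a YAML string rather than null, an integer or a boolean.
  namespace: {{ .Values.global.namespace | quote }}
rules:
  # Read single objects by name; this includes Secrets in this namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  # Update is restricted to one named ConfigMap.
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  # create cannot be limited by resourceNames, so this rule allows creating
  # any ConfigMap in the namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
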
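---

# Grants nginx-ingress-role to nginx-ingress-serviceaccount. Both the binding
# and its subject use the namespace from .Values.global.namespace, so the
# grant stays inside that namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  # Quoted so that an unset, all-digit or boolean-looking value still renders
  # as a YAML string rather than null, an integer or a boolean.
  namespace: {{ .Values.global.namespace | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: {{ .Values.global.namespace | quote }}
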
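---

# Grants nginx-ingress-clusterrole cluster-wide to
# nginx-ingress-serviceaccount. Any workload running under that service
# account receives the ClusterRole's permissions in every namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    # Quoted so that an unset, all-digit or boolean-looking value still
    # renders as a YAML string rather than null, an integer or a boolean.
    namespace: {{ .Values.global.namespace | quote }}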