blob: 301853216b9d49984b4356f2a4fa81a58ff7f099 [file] [log] [blame]
Richard Jankowskic3c291c2018-02-02 13:57:33 -05001apiVersion: v1
2kind: ServiceAccount
3metadata:
4 name: nginx-ingress-serviceaccount
5 namespace: ingress-nginx
6
7---
8
9apiVersion: rbac.authorization.k8s.io/v1beta1
10kind: ClusterRole
11metadata:
12 name: nginx-ingress-clusterrole
13rules:
14 - apiGroups:
15 - ""
16 resources:
17 - configmaps
18 - endpoints
19 - nodes
20 - pods
21 - secrets
22 verbs:
23 - list
24 - watch
25 - apiGroups:
26 - ""
27 resources:
28 - nodes
29 verbs:
30 - get
31 - apiGroups:
32 - ""
33 resources:
34 - services
35 verbs:
36 - get
37 - list
38 - watch
39 - apiGroups:
40 - "extensions"
41 resources:
42 - ingresses
43 verbs:
44 - get
45 - list
46 - watch
47 - apiGroups:
48 - ""
49 resources:
50 - events
51 verbs:
52 - create
53 - patch
54 - apiGroups:
55 - "extensions"
56 resources:
57 - ingresses/status
58 verbs:
59 - update
60
61---
62
63apiVersion: rbac.authorization.k8s.io/v1beta1
64kind: Role
65metadata:
66 name: nginx-ingress-role
67 namespace: ingress-nginx
68rules:
69 - apiGroups:
70 - ""
71 resources:
72 - configmaps
73 - pods
74 - secrets
75 - namespaces
76 verbs:
77 - get
78 - apiGroups:
79 - ""
80 resources:
81 - configmaps
82 resourceNames:
83 # Defaults to "<election-id>-<ingress-class>"
84 # Here: "<ingress-controller-leader>-<nginx>"
85 # This has to be adapted if you change either parameter
86 # when launching the nginx-ingress-controller.
87 - "ingress-controller-leader-nginx"
88 verbs:
89 - get
90 - update
91 - apiGroups:
92 - ""
93 resources:
94 - configmaps
95 verbs:
96 - create
97 - apiGroups:
98 - ""
99 resources:
100 - endpoints
101 verbs:
102 - get
103
104---
105
106apiVersion: rbac.authorization.k8s.io/v1beta1
107kind: RoleBinding
108metadata:
109 name: nginx-ingress-role-nisa-binding
110 namespace: ingress-nginx
111roleRef:
112 apiGroup: rbac.authorization.k8s.io
113 kind: Role
114 name: nginx-ingress-role
115subjects:
116 - kind: ServiceAccount
117 name: nginx-ingress-serviceaccount
118 namespace: ingress-nginx
119
120---
121
122apiVersion: rbac.authorization.k8s.io/v1beta1
123kind: ClusterRoleBinding
124metadata:
125 name: nginx-ingress-clusterrole-nisa-binding
126roleRef:
127 apiGroup: rbac.authorization.k8s.io
128 kind: ClusterRole
129 name: nginx-ingress-clusterrole
130subjects:
131 - kind: ServiceAccount
132 name: nginx-ingress-serviceaccount
133 namespace: ingress-nginx