github.com/fafucoder/cilium@v1.6.11/examples/kubernetes-ingress/deployments/guestbook/ingress/1-nginx-ingress-controller-rbac.yml

github.com/fafucoder/cilium@v1.6.11/examples/kubernetes-ingress/deployments/guestbook/ingress/1-nginx-ingress-controller-rbac.yml (about)

     1  apiVersion: v1
     2  kind: Namespace
     3  metadata:
     4    name: nginx-ingress
     5  ---
     6  apiVersion: v1
     7  kind: ServiceAccount
     8  metadata:
     9    name: nginx-ingress-serviceaccount
    10    namespace: nginx-ingress
    11  ---
    12  apiVersion: rbac.authorization.k8s.io/v1beta1
    13  kind: ClusterRole
    14  metadata:
    15    name: nginx-ingress-clusterrole
    16  rules:
    17    - apiGroups:
    18        - ""
    19      resources:
    20        - configmaps
    21        - endpoints
    22        - nodes
    23        - pods
    24        - secrets
    25      verbs:
    26        - list
    27        - watch
    28    - apiGroups:
    29        - ""
    30      resources:
    31        - nodes
    32      verbs:
    33        - get
    34    - apiGroups:
    35        - ""
    36      resources:
    37        - services
    38      verbs:
    39        - get
    40        - list
    41        - watch
    42    - apiGroups:
    43        - "extensions"
    44      resources:
    45        - ingresses
    46      verbs:
    47        - get
    48        - list
    49        - watch
    50    - apiGroups:
    51        - ""
    52      resources:
    53          - events
    54      verbs:
    55          - create
    56          - patch
    57    - apiGroups:
    58        - "extensions"
    59      resources:
    60        - ingresses/status
    61      verbs:
    62        - update
    63  ---
    64  apiVersion: rbac.authorization.k8s.io/v1beta1
    65  kind: Role
    66  metadata:
    67    name: nginx-ingress-role
    68    namespace: nginx-ingress
    69  rules:
    70    - apiGroups:
    71        - ""
    72      resources:
    73        - configmaps
    74        - pods
    75        - secrets
    76        - namespaces
    77      verbs:
    78        - get
    79    - apiGroups:
    80        - ""
    81      resources:
    82        - configmaps
    83      resourceNames:
    84        # Defaults to "<election-id>-<ingress-class>"
    85        # Here: "<ingress-controller-leader>-<nginx>"
    86        # This has to be adapted if you change either parameter
    87        # when launching the nginx-ingress-controller.
    88        - "ingress-controller-leader-nginx"
    89      verbs:
    90        - get
    91        - update
    92    - apiGroups:
    93        - ""
    94      resources:
    95        - configmaps
    96      verbs:
    97        - create
    98    - apiGroups:
    99        - ""
   100      resources:
   101        - endpoints
   102      verbs:
   103        - get
   104        - create
   105        - update
   106  ---
   107  apiVersion: rbac.authorization.k8s.io/v1beta1
   108  kind: RoleBinding
   109  metadata:
   110    name: nginx-ingress-role-nisa-binding
   111    namespace: nginx-ingress
   112  roleRef:
   113    apiGroup: rbac.authorization.k8s.io
   114    kind: Role
   115    name: nginx-ingress-role
   116  subjects:
   117    - kind: ServiceAccount
   118      name: nginx-ingress-serviceaccount
   119      namespace: nginx-ingress
   120  ---
   121  apiVersion: rbac.authorization.k8s.io/v1beta1
   122  kind: ClusterRoleBinding
   123  metadata:
   124    name: nginx-ingress-clusterrole-nisa-binding
   125  roleRef:
   126    apiGroup: rbac.authorization.k8s.io
   127    kind: ClusterRole
   128    name: nginx-ingress-clusterrole
   129  subjects:
   130    - kind: ServiceAccount
   131      name: nginx-ingress-serviceaccount
   132      namespace: nginx-ingress