github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/nginx-ingress/templates/nginx-ingress-rbac.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3  metadata:
     4    name: nginx-ingress-serviceaccount
     5    namespace: kube-system
     6  ---
     7  apiVersion: rbac.authorization.k8s.io/v1
     8  kind: ClusterRole
     9  metadata:
    10    name: nginx-ingress-clusterrole
    11  rules:
    12    - apiGroups:
    13        - ""
    14      resources:
    15        - configmaps
    16        - endpoints
    17        - nodes
    18        - pods
    19        - secrets
    20      verbs:
    21        - list
    22        - watch
    23    - apiGroups:
    24        - ""
    25      resources:
    26        - nodes
    27      verbs:
    28        - get
    29    - apiGroups:
    30        - ""
    31      resources:
    32        - services
    33      verbs:
    34        - get
    35        - list
    36        - watch
    37    - apiGroups:
    38        - "extensions"
    39      resources:
    40        - ingresses
    41      verbs:
    42        - get
    43        - list
    44        - watch
    45    - apiGroups:
    46        - ""
    47      resources:
    48          - events
    49      verbs:
    50          - create
    51          - patch
    52    - apiGroups:
    53        - "extensions"
    54      resources:
    55        - ingresses/status
    56      verbs:
    57        - update
    58  ---
    59  apiVersion: rbac.authorization.k8s.io/v1
    60  kind: Role
    61  metadata:
    62    name: nginx-ingress-role
    63    namespace: kube-system
    64  rules:
    65    - apiGroups:
    66        - ""
    67      resources:
    68        - configmaps
    69        - pods
    70        - secrets
    71        - namespaces
    72      verbs:
    73        - get
    74    - apiGroups:
    75        - ""
    76      resources:
    77        - configmaps
    78      resourceNames:
    79        # Defaults to "<election-id>-<ingress-class>"
    80        # Here: "<ingress-controller-leader>-<nginx>"
    81        # This has to be adapted if you change either parameter
    82        # when launching the nginx-ingress-controller.
    83        - "ingress-controller-leader-nginx"
    84      verbs:
    85        - get
    86        - update
    87    - apiGroups:
    88        - ""
    89      resources:
    90        - configmaps
    91      verbs:
    92        - create
    93    - apiGroups:
    94        - ""
    95      resources:
    96        - endpoints
    97      verbs:
    98        - get
    99        - create
   100        - update
   101  ---
   102  apiVersion: rbac.authorization.k8s.io/v1
   103  kind: RoleBinding
   104  metadata:
   105    name: nginx-ingress-role-nisa-binding
   106    namespace: kube-system
   107  roleRef:
   108    apiGroup: rbac.authorization.k8s.io
   109    kind: Role
   110    name: nginx-ingress-role
   111  subjects:
   112    - kind: ServiceAccount
   113      name: nginx-ingress-serviceaccount
   114      namespace: kube-system
   115  ---
   116  apiVersion: rbac.authorization.k8s.io/v1
   117  kind: ClusterRoleBinding
   118  metadata:
   119    name: nginx-ingress-clusterrole-nisa-binding
   120  roleRef:
   121    apiGroup: rbac.authorization.k8s.io
   122    kind: ClusterRole
   123    name: nginx-ingress-clusterrole
   124  subjects:
   125    - kind: ServiceAccount
   126      name: nginx-ingress-serviceaccount
   127      namespace: kube-system