fix ingress rbac roles #806

Merged
merged 1 commit into from
Jun 2, 2017

Commits on Jun 2, 2017

  1. Fix kubernetes#798 - RBAC for leader election

    Using gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7
    the nginx-controller needs to handle leader-election via configmaps.
    
    To perform the leader-election the nginx-controller needs to have the
    appropriate RBAC permissions.
    
    Prior to this fix, the following errors occurred:
    
    - cannot get configmaps in the namespace "NAMESPACE_PLACEHOLDER". (get configmaps ingress-controller-leader-nginx)
    - initially creating leader election record: User "system:serviceaccount:NAMESPACE_PLACEHOLDER" cannot create configmaps in the namespace "NAMESPACE_PLACEHOLDER". (post configmaps)
    
    fix ingress rbac roles
    
    There were 2 things that the current IC (0.9 beta7) needs.
    
    The ClusterRole was missing `get nodes`:
    
    ```
    RBAC DENY: user "system:serviceaccount:kube-system:nginx-ingress-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "get" resource "nodes" named "xxx" cluster-wide
    ```
    
    The Role was missing `update configmaps`:
    
    ```
    RBAC DENY: user "system:serviceaccount:kube-system:nginx-ingress-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "update" resource "configmaps" named "ingress-controller-leader-nginx" in namespace "kube-system"
    ```
    
    removed update configmap because of kubernetes#798
    
    rebased on master, moved get nodes to own rule
    
    added get nodes to cluster permissions
    weitzj authored and puja108 committed Jun 2, 2017
    cf4ad26
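
The `RBAC DENY` lines quoted in the commit message above state exactly which verb, resource and scope were refused. The following is an added example, not code from this PR or the ingress project: it groups such lines into the smallest Role/ClusterRole rules that would satisfy them. The helper name `rules_from_denies`, the `pin_names` parameter and the core API group are assumptions, and the third sample line is constructed.

```python
import re
from collections import defaultdict

# Matches the apiserver "RBAC DENY" line format quoted in the commit message.
DENY = re.compile(
    r'RBAC DENY: user "(?P<user>[^"]+)" groups \[[^\]]*\] '
    r'cannot "(?P<verb>[^"]+)" resource "(?P<resource>[^"]+)"'
    r'(?: named "(?P<name>[^"]+)")?'
    r' (?:in namespace "(?P<ns>[^"]+)"|cluster-wide)'
)

def rules_from_denies(lines, pin_names=("configmaps",)):
    """Return {(user, kind, namespace): [rule, ...]} for the denied requests.

    kind is "Role" for namespaced denials and "ClusterRole" for cluster-wide
    ones. Object names are kept (resourceNames) only for resources listed in
    pin_names, so a per-node name does not end up in the rule.
    """
    verbs = defaultdict(set)
    for line in lines:
        m = DENY.search(line)
        if not m:
            continue  # not a denial line
        scope = (m["user"], "Role" if m["ns"] else "ClusterRole", m["ns"])
        name = m["name"] if m["resource"] in pin_names else None
        verbs[(scope, m["resource"], name)].add(m["verb"])
    out = defaultdict(list)
    for (scope, resource, name), vs in sorted(verbs.items(), key=str):
        # apiGroups [""] assumes the core group (true for nodes and configmaps)
        rule = {"apiGroups": [""], "resources": [resource], "verbs": sorted(vs)}
        if name:
            rule["resourceNames"] = [name]
        out[scope].append(rule)
    return dict(out)

SA = "system:serviceaccount:kube-system:nginx-ingress-controller"
GROUPS = ("[system:serviceaccounts system:serviceaccounts:kube-system "
          "system:authenticated]")
CM = 'resource "configmaps" named "ingress-controller-leader-nginx"'
SAMPLE = [
    f'RBAC DENY: user "{SA}" groups {GROUPS} cannot "get" resource "nodes" '
    'named "xxx" cluster-wide',
    f'RBAC DENY: user "{SA}" groups {GROUPS} cannot "update" {CM} '
    'in namespace "kube-system"',
    # Constructed line (not from the page) to show verbs being merged:
    f'RBAC DENY: user "{SA}" groups {GROUPS} cannot "get" {CM} '
    'in namespace "kube-system"',
]
```

Review the generated rules before applying them: Kubernetes cannot restrict `create` by `resourceNames`, so a `create` on the leader-election ConfigMap needs its own rule without a pinned name.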