fix ingress rbac roles

There was 2 things that the current IC (0.9 beta7) needs. The ClusterRole was missing `get nodes`: ``` RBAC DENY: user "system:serviceaccount:kube-system:nginx-ingress-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "get" resource "nodes" named "xxx" cluster-wide ``` The Role was missing `update configmaps`: ```RBAC DENY: user "system:serviceaccount:kube-system:nginx-ingress-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "update" resource "configmaps" named "ingress-controller-leader-nginx" in namespace "kube-system"```
kubernetes · Jun 1, 2017 · c96758a · c96758a
1 parent a6bba68
commit c96758a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/examples/rbac/nginx/nginx-ingress-controller-rbac.yml b/examples/rbac/nginx/nginx-ingress-controller-rbac.yml
@@ -23,6 +23,7 @@ rules:
       - pods
       - secrets
     verbs:
+      - get
       - list
       - watch
   - apiGroups:
@@ -69,6 +70,7 @@ rules:
       - secrets
     verbs:
       - get
+      - update
   - apiGroups:
       - ""
     resources: