From c96758a7d5db2a3261033749077c57344b912167 Mon Sep 17 00:00:00 2001
From: Puja <puja108@gmail.com>
Date: Thu, 1 Jun 2017 17:00:40 +0200
Subject: [PATCH] fix ingress rbac roles

There was 2 things that the current IC (0.9 beta7) needs.

The ClusterRole was missing `get nodes`:

```
RBAC DENY: user "system:serviceaccount:kube-system:nginx-ingress-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "get" resource "nodes" named "xxx" cluster-wide
```

The Role was missing `update configmaps`:

```RBAC DENY: user "system:serviceaccount:kube-system:nginx-ingress-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "update" resource "configmaps" named "ingress-controller-leader-nginx" in namespace "kube-system"```
---
 examples/rbac/nginx/nginx-ingress-controller-rbac.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/examples/rbac/nginx/nginx-ingress-controller-rbac.yml b/examples/rbac/nginx/nginx-ingress-controller-rbac.yml
index fbe50f7ae2..f368119199 100644
--- a/examples/rbac/nginx/nginx-ingress-controller-rbac.yml
+++ b/examples/rbac/nginx/nginx-ingress-controller-rbac.yml
@@ -23,6 +23,7 @@ rules:
       - pods
       - secrets
     verbs:
+      - get
       - list
       - watch
   - apiGroups:
@@ -69,6 +70,7 @@ rules:
       - secrets
     verbs:
       - get
+      - update
   - apiGroups:
       - ""
     resources: