Merge pull request #1127 from jzinkweg/feature/leader-leases-resource

Update RBAC configuration and docs to include leases resource for leader election
jcmoraisjr · Jun 3, 2024 · 0a1b2af · 0a1b2af
2 parents e21d537 + 3213db7
commit 0a1b2af
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 5 deletions.
diff --git a/docs/haproxy-ingress.yaml b/docs/haproxy-ingress.yaml
@@ -71,6 +71,14 @@ metadata:
   name: ingress-controller
   namespace: ingress-controller
 rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
   - apiGroups:
       - ""
     resources:

diff --git a/docs/static/resources/haproxy-ingress.yaml b/docs/static/resources/haproxy-ingress.yaml
@@ -40,9 +40,10 @@ rules:
       - list
       - watch
   - apiGroups:
-      - "extensions"
-      - "networking.k8s.io"
+      - extensions
+      - networking.k8s.io
     resources:
+      - ingressclasses
       - ingresses
     verbs:
       - get
@@ -56,8 +57,8 @@ rules:
       - create
       - patch
   - apiGroups:
-      - "extensions"
-      - "networking.k8s.io"
+      - extensions
+      - networking.k8s.io
     resources:
       - ingresses/status
     verbs:
@@ -69,6 +70,14 @@ metadata:
   name: ingress-controller
   namespace: ingress-controller
 rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
   - apiGroups:
       - ""
     resources:

diff --git a/examples/rbac/README.md b/examples/rbac/README.md
@@ -41,9 +41,11 @@ The Role permissions are:
 * `endpoints`: create, get, update
 
 Furthermore to support leader-election, the ingress controller needs to
-have access to a `configmap` in the `ingress-controller` namespace:
+have access to both the `configmap` and `leases` resources in the
+`ingress-controller` namespace:
 
 * `configmaps`: get, update, create
+* `coordination.k8s.io/leases`: get, update, create
 
 ## Namespace created in this example
 

diff --git a/examples/rbac/ingress-controller-rbac.yml b/examples/rbac/ingress-controller-rbac.yml
@@ -71,6 +71,14 @@ metadata:
   name: ingress-controller
   namespace: ingress-controller
 rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
   - apiGroups:
       - ""
     resources: