問題を報告するこのページは、まだ日本語ではご利用いただけません。翻訳中です。
Required permissions to use Kong Ingress Controller
To install Kong Ingress Controller, you need to have the permissions to WRITE (create, update, get, list, watch in Kubernetes’s RBAC model) these resources.
-
For creating RBAC rules to enable Kong Ingress Controller to access required resources, you need to have the permissions to create or update
ClusterRole,ClusterRoleBindingin the cluster scope, and create or updateRole,RoleBindingin the namespace in which you want to install Kong Ingress Controller. -
To install CRDs required to configure Kong specific entities (for example,
KongPluginto configure plugins), you need to have the permissions to create and updateCustomResourceDefinition. -
For creating resources required for Kong Ingress Controller, you need to have the permissions to create or update
Deployment,Service,ServiceAccount,Secret, orConfigMapto create deployments, services, and to specify their configurations. -
If you run Kong Ingress Controller with database-backed Kong Gateway, you also need to have the permissions to create or update
PersistentVolumeClaimto set volumes used for the database, andJobto run migration jobs. -
If you want to enable auto scaling, you also need permissions to create or update
HorizontalPodAutoscaler. -
You also need the permissions to create or update
IngressClassto install a ingress class managed by Kong Ingress Controller, andValidatingWebhookConfigurationto create a webhook to validate managed resources.
You need write access to the following resources to install Kong Ingress Controller:
| Resource Kind | Resource APIVersion | Resource Scope | Usage |
|---|---|---|---|
CustomResourceDefinition |
apiextensions.k8s.io/v1 |
cluster | install CRDs |
ClusterRole |
rbac.authorization.k8s.io/v1 |
cluster | install RBAC rules |
ClusterRoleBinding |
rbac.authorization.k8s.io/v1 |
cluster | install RBAC rules |
Role |
rbac.authorization.k8s.io/v1 |
namespaced | install RBAC rules |
RoleBinding |
rbac.authorization.k8s.io/v1 |
namespaced | install RBAC rules |
Deployment |
apps/v1 |
namespaced | install components |
Service |
v1 |
namespaced | install components |
ServiceAccount |
v1 |
namespaced | install components |
Secret |
v1 |
namespaced | set configurations and credentials |
ConfigMap |
v1 |
namespaced | set configurations |
PersistentVolumeClaim |
v1 |
namespaced | claim volume for DB |
Job |
v1 |
namespaced | create DB migration jobs |
HorizontalPodAutoscaler |
autoscaling/v2 |
namespaced | configure auto scaling |
IngressClass |
networking.k8s.io/v1 |
cluster | install ingress class |
ValidatingWebhookConfiguration |
admissionregistration.k8s.io/v1 |
cluster | configure validating webhooks |
