docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Grant, Add SecComp profile and Update Ingress Image 

Signed-off-by: ollypom <oppomeroy@gmail.com>
This commit is contained in:
ollypom 2018-07-25 15:09:52 +01:00
parent 146a8aebe1
commit 2a05cf370f
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ee/ucp/kubernetes/layer-7-routing.md
View File

@ -52,16 +52,15 @@ The default service account that's associated with the `ingress-nginx`
namespace needs access to Kubernetes resources, so create a grant with namespace needs access to Kubernetes resources, so create a grant with
`Restricted Control` permissions. `Restricted Control` permissions.
1. Navigate to the **Grants** page and click **Create Grant**. 1. From UCP, navigate to the **Grants** page and click **Create Grant**.
2. In the left pane, click **Resource Sets**, and in the **Type** section, 2. Within the **Subject** pane, select **Service Account**. For the
click **Namespaces**. **Namespace** select **ingress-nginx**, and select **default** for
3. Enable the **Apply grant to all existing and new namespaces** option. the **Service Account**. Click **Next**.
4. In the left pane, click **Roles**. In the **Role** dropdown, select 3. Within the **Role** pane, select **Restricted Control** and then click
**Restricted Control**. **Next**
5. In the left pane, click **Subjects**, and select **Service Account**. 4. Within the **Resource Set** pane, select the **Type** **Namespace** and
6. In the **Namespace** dropdown, select **ingress-nginx**, and in the select the **Apply grant to all existing and new namespaces** toggle.
**Service Account** dropdown., select **default**. 5. Click **Create**.
7. Click **Create**.
> Ingress and role-based access control > Ingress and role-based access control
> >
@ -91,6 +90,8 @@ metadata:
labels: labels:
app: default-http-backend app: default-http-backend
namespace: ingress-nginx namespace: ingress-nginx
annotations:
seccomp.security.alpha.kubernetes.io/pod: docker/default
spec: spec:
replicas: 1 replicas: 1
template: template:
@ -161,6 +162,8 @@ kind: Deployment
metadata: metadata:
name: nginx-ingress-controller name: nginx-ingress-controller
namespace: ingress-nginx namespace: ingress-nginx
annotations:
seccomp.security.alpha.kubernetes.io/pod: docker/default
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -186,7 +189,7 @@ spec:
privileged: true privileged: true
containers: containers:
- name: nginx-ingress-controller - name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.2 image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
args: args:
- /nginx-ingress-controller - /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend - --default-backend-service=$(POD_NAMESPACE)/default-http-backend