Restrict namespace RBAC if scoped

helm · Aug 14, 2017 · fbe521c · fbe521c
1 parent a5eca07
commit fbe521c
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/stable/nginx-ingress/templates/clusterrole.yaml b/stable/nginx-ingress/templates/clusterrole.yaml
@@ -20,12 +20,19 @@ rules:
     verbs:
       - list
       - watch
+{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
   - apiGroups:
       - ""
     resources:
-    {{- if .Values.controller.scope.enabled }}
       - namespaces
-    {{- end }}
+    resourceNames:
+      - "{{ .Values.controller.scope.namespace }}"
+    verbs:
+      - get
+{{- end }}
+  - apiGroups:
+      - ""
+    resources:
       - nodes
     verbs:
       - get