Fix #798 - RBAC for leader election

[weitzj]

Fixes: #798

Using gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.7
the nginx-controller needs to handle leader-election via configmaps.

To perform the leader-election the nginx-controller needs to have the
appropiate RBAC permissions.

Previously to this fix, the following errors occured:

• cannot get configmaps in the namespace "NAMESPACE_PLACEHOLDER". (get configmaps ingress-controller-leader-nginx)
• initially creating leader election record: User "system:serviceaccount:NAMESPACE_PLACEHOLDER" cannot create configmaps in the namespace "NAMESPACE_PLACEHOLDER". (post configmaps)

And another error message concerning update (I do not have the logs any more)

Related to:

• [feature request] rbac role manifest #266
• added rbac example discussed in kubernetes/ingress issue #266 #747

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-reviewable]

This change is 

[weitzj]

I have now signed the agreement.

[weitzj]

@aledbf @nevetS It would be nice if you could review this PR.

[coveralls]

Changes Unknown when pulling 1ff0191 on weitzj:fix/798 into ** on kubernetes:master**.

[coveralls]

Changes Unknown when pulling cfef998 on weitzj:fix/798 into ** on kubernetes:master**.

[aledbf]

@weitzj this LGTM but I think you should add a comment indicating that the name of the configmap can change if the flag --election-id and --ingress-class are specified
The default value is <ingress-controller-leader>-<nginx>

https://github.com/kubernetes/ingress/blob/master/core/pkg/ingress/controller/launch.go#L87

[weitzj]

@aledbf I did add a comment and updated the README. If this is fine with you, I will squash my branch and force-push.

[coveralls]

Changes Unknown when pulling b84c9b4 on weitzj:fix/798 into ** on kubernetes:master**.

[aledbf]

@weitzj please squash so we can merge this PR. Thanks!

[abh]

If nginx is configured with a configmap for custom configuration we need to be able to read that, too.

[weitzj]

Ok. Then I will readd the old get for configmap as was present before this PR and just add the new readwrite configmap for the resourceName

[weitzj]

• I have reverted the deletion of configmaps:get in the yaml as well as REAMD.md (as suggested by @abh )
• @aledbf The branch was squashed and force-pushed.
• Related PR, which might be obsolete when this PR gets merged: fix ingress rbac roles #806 (unless one needs a ClusterRole instead of a Role)

[coveralls]

Changes Unknown when pulling 3ad6fa8 on weitzj:fix/798 into ** on kubernetes:master**.

[aledbf]

/lgtm

[aledbf]

@weitzj thanks!

[nevetS]

Fantastic! Sorry to take so long to get here. @aledbf moves quickly. @weitzj - much appreciated.