Skip to content

Commit dc8b89a

Browse files
sarthypartysarthyparty
committed
update rbac permissions for gateway api resources
1 parent d321656 commit dc8b89a

File tree

1 file changed

+6
-2
lines changed

1 file changed

+6
-2
lines changed

docs/reference/permissions.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,8 +50,12 @@ The control plane requires these Kubernetes API permissions:
5050
- **ServiceAccounts**: Create, update, delete, list, get, watch
5151
- **Namespaces, Pods**: Get, list, watch
5252
- **Events**: Create, patch
53-
- **Gateway API resources**: Full access
54-
- **Custom resources** (NginxGateway, NginxProxy): Full access
53+
- **EndpointSlices**: List, watch
54+
- **Gateway API resources**: List, watch (read-only) + update status subresources only
55+
- **NGF Custom resources**: Get, list, watch (read-only) + update status subresources only
56+
- **Leases**: Create, get, update (for leader election)
57+
- **CustomResourceDefinitions**: List, watch
58+
- **TokenReviews**: Create (for authentication)
5559

5660
## Data Plane
5761

0 commit comments

Comments
 (0)