Home / Kong Ingress Controller / Reference

Edit this Page Edit

Report an Issue Report

Permissions required to install Kong Ingress Controller

Uses: Kong Ingress Controller

Related Documentation

All KIC Documentation

To install Kong Ingress Controller, you need to have the permissions to write (create, update, get, list, watch in Kubernetes’s RBAC model) the following resources:

CustomResourceDefinition to configure Kong-specific entities (for example, KongPlugin to configure plugins).
ClusterRole, ClusterRoleBinding (cluster scoped), Role,RoleBinding (namespace scoped) to create RBAC rules to enable Kong Ingress Controller to access required resources.
Deployment, Service, ServiceAccount, Secret, and ConfigMap to create deployments, services, and to specify their configurations.
IngressClass to install an ingress class managed by Kong Ingress Controller.
ValidatingWebhookConfiguration to create a webhook to validate managed resources.
(Optional) HorizontalPodAutoscaler to enable autoscaling.
(Optional) PersistentVolumeClaim to set volumes used for the database, and Job to run migration jobs if you’re using a database-backed deployment.

All required resources

You need write access to the following resources to install Kong Ingress Controller:

Resource Kind	Resource APIVersion	Resource Scope	Purpose
`CustomResourceDefinition`	`apiextensions.k8s.io/v1`	Cluster	Install CRDs
`ClusterRole`	`rbac.authorization.k8s.io/v1`	Cluster	Install RBAC rules
`ClusterRoleBinding`	`rbac.authorization.k8s.io/v1`	Cluster	Install RBAC rules
`Role`	`rbac.authorization.k8s.io/v1`	Namespaced	Install RBAC rules
`RoleBinding`	`rbac.authorization.k8s.io/v1`	Namespaced	Install RBAC rules
`Deployment`	`apps/v1`	Namespaced	Install components
`Service`	`v1`	Namespaced	Install components
`ServiceAccount`	`v1`	Namespaced	Install components
`Secret`	`v1`	Namespaced	Set configurations and credentials
`ConfigMap`	`v1`	Namespaced	Set configurations
`IngressClass`	`networking.k8s.io/v1`	Cluster	Install ingress class
`ValidatingWebhookConfiguration`	`admissionregistration.k8s.io/v1`	Cluster	Configure validating webhooks

Optional resources

The following resources may be required for specific use cases:

Resource Kind	Resource APIVersion	Resource Scope	Purpose
`PersistentVolumeClaim`	`v1`	Namespaced	Claim volume for DB
`Job`	`v1`	Namespaced	Create DB migration jobs
`HorizontalPodAutoscaler`	`autoscaling/v2`	Namespaced	configure autoscaling

Something wrong?

Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!

Contribute

Still need help

Ask in our Forum

Contact Support