From ab5e475d83eec4c305f5144662a456ea3860521d Mon Sep 17 00:00:00 2001
From: Joao Morais <jcmoraisjr@gmail.com>
Date: Sun, 10 May 2020 18:04:51 -0300
Subject: [PATCH] Fix permission using watch-namespace

Command-line option `--watch-namespace` configures the controller to read and use ingress objects from a single namespace. This would require fewer permissions,however the launch process tries to read the specified namespace, and such reading requires cluster wide permission. The launch process was updated to read an ingress resource instead.
---
 pkg/common/ingress/controller/launch.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/common/ingress/controller/launch.go b/pkg/common/ingress/controller/launch.go
index 0ce5c032d..bc7823695 100644
--- a/pkg/common/ingress/controller/launch.go
+++ b/pkg/common/ingress/controller/launch.go
@@ -235,7 +235,7 @@ func NewIngressController(backend ingress.Controller) *GenericController {
 	}
 
 	if *watchNamespace != "" {
-		_, err = kubeClient.CoreV1().Namespaces().Get(*watchNamespace, metav1.GetOptions{})
+		_, err = kubeClient.ExtensionsV1beta1().Ingresses(*watchNamespace).List(metav1.ListOptions{Limit: 1})
 		if err != nil {
 			glog.Fatalf("no watchNamespace with name %v found: %v", *watchNamespace, err)
 		}