From 0c59d4db32a52bb9b86d55c799f4c4cbc9f8deb4 Mon Sep 17 00:00:00 2001
From: Tim Allclair <tallclair@google.com>
Date: Fri, 31 Aug 2018 18:22:13 -0700
Subject: [PATCH] Add RuntimeClass read permission for nodes

---
 plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
index b8489e76763..05366f6ed59 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -165,6 +165,11 @@ func NodeRules() []rbacv1.PolicyRule {
 	if utilfeature.DefaultFeatureGate.Enabled(features.NodeLease) {
 		nodePolicyRules = append(nodePolicyRules, rbacv1helpers.NewRule("get", "create", "update", "patch", "delete").Groups("coordination.k8s.io").Resources("leases").RuleOrDie())
 	}
+
+	// RuntimeClass
+	if utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) {
+		nodePolicyRules = append(nodePolicyRules, rbacv1helpers.NewRule("get", "list", "watch").Groups("node.k8s.io").Resources("runtimeclasses").RuleOrDie())
+	}
 	return nodePolicyRules
 }