From 1fe517e96a878093e0fb4db1f1a75e797fbce7be Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Fri, 6 Jan 2017 14:15:36 -0500
Subject: [PATCH] Include admin in super-user group
---
 .../addons/e2e-rbac-bindings/admin-binding.yaml | 16 ----------------
 cluster/gce/container-linux/configure-helper.sh | 4 ++--
 cluster/gce/gci/configure-helper.sh | 4 ++--
 3 files changed, 4 insertions(+), 20 deletions(-)
 delete mode 100644 cluster/addons/e2e-rbac-bindings/admin-binding.yaml
diff --git a/cluster/addons/e2e-rbac-bindings/admin-binding.yaml b/cluster/addons/e2e-rbac-bindings/admin-binding.yaml
deleted file mode 100644
index 370635e7494..00000000000
--- a/cluster/addons/e2e-rbac-bindings/admin-binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# something in the kube e2e uses an admin identity to list pods
-# TODO figure out what is doing this and ultimately remove this binding
-apiVersion: rbac.authorization.k8s.io/v1alpha1
-kind: ClusterRoleBinding
-metadata:
- name: admin-cluster-admin
- labels:
- kubernetes.io/cluster-service: "true"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: view
-subjects:
-- apiVersion: rbac/v1alpha1
- kind: User
- name: admin
diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh
index a3caaf6ea16..e78dd900e31 100755
--- a/cluster/gce/container-linux/configure-helper.sh
+++ b/cluster/gce/container-linux/configure-helper.sh
@@ -140,11 +140,11 @@ function create-master-auth {
 fi
 local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
 if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
- echo "${KUBE_PASSWORD},${KUBE_USER},admin" > "${basic_auth_csv}"
+ echo "${KUBE_PASSWORD},${KUBE_USER},admin,system:masters" > "${basic_auth_csv}"
 fi
 local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
 if [[ ! -e "${known_tokens_csv}" ]]; then
- echo "${KUBE_BEARER_TOKEN},admin,admin" > "${known_tokens_csv}"
+ echo "${KUBE_BEARER_TOKEN},admin,admin,system:masters" > "${known_tokens_csv}"
 echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}"
 echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}"
 echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}"
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index d4368fd7833..6d414d5a57b 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
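Review bot: The `known_tokens.csv` write in `cluster/gce/container-linux/configure-helper.sh` (and the identical hunk in `cluster/gce/gci/configure-helper.sh`) emits the `admin` row, which now carries `system:masters`, without checking that `KUBE_BEARER_TOKEN` is non-empty, whereas the basic-auth branch tests `-n "${KUBE_PASSWORD:-}"` first. An empty value would write a super-user row with a blank credential; a guard such as `[[ -n "${KUBE_BEARER_TOKEN:-}" ]] || { echo "KUBE_BEARER_TOKEN is empty" >&2; return 1; }` ahead of the write would make that case fail loudly. Both CSVs are created with plain `>` redirection, so their mode follows the umask unless `auth_dir` is restricted elsewhere; `create-master-auth` starts and ends outside the hunk, so that should be confirmed now that the files hold super-user credentials. Because the writes sit behind `! -e` checks, a master that already has these files keeps its old rows without the group while `admin-binding.yaml` is deleted, which is presumably intended but deserves a sentence in the commit message.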
@@ -207,11 +207,11 @@ function create-master-auth {
 fi
 local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
 if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
- echo "${KUBE_PASSWORD},${KUBE_USER},admin" > "${basic_auth_csv}"
+ echo "${KUBE_PASSWORD},${KUBE_USER},admin,system:masters" > "${basic_auth_csv}"
 fi
 local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
 if [[ ! -e "${known_tokens_csv}" ]]; then
- echo "${KUBE_BEARER_TOKEN},admin,admin" > "${known_tokens_csv}"
+ echo "${KUBE_BEARER_TOKEN},admin,admin,system:masters" > "${known_tokens_csv}"
 echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}"
 echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}"
 echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}"