Merge pull request #42351 from liggitt/scheduler-statefulset

Automatic merge from submit-queue (batch tested with PRs 41919, 41149, 42350, 42351, 42285) Add read permissions for statefulsets for kube-scheduler https://github.com/kubernetes/kubernetes/issues/41708 added statefulset awareness to the scheduler. This adds the corresponding permission to the scheduler role.
2025-07-22 19:31:44 +00:00 · 2017-03-03 16:44:43 -08:00 · 2017-03-03 16:44:43 -08:00 · 346c0ba993
commit 346c0ba993
parent b432e137e6 4525e042fc
2 changed files with 9 additions and 0 deletions
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@ -351,6 +351,7 @@ func ClusterRoles() []rbac.ClusterRole {
 				// things that select pods
 				rbac.NewRule(Read...).Groups(legacyGroup).Resources("services", "replicationcontrollers").RuleOrDie(),
 				rbac.NewRule(Read...).Groups(extensionsGroup).Resources("replicasets").RuleOrDie(),
+				rbac.NewRule(Read...).Groups(appsGroup).Resources("statefulsets").RuleOrDie(),
 				// things that pods use
 				rbac.NewRule(Read...).Groups(legacyGroup).Resources("persistentvolumeclaims", "persistentvolumes").RuleOrDie(),
 			},
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
@ -645,6 +645,14 @@ items:
    - get
    - list
    - watch
+  - apiGroups:
+    - apps
+    resources:
+    - statefulsets
+    verbs:
+    - get
+    - list
+    - watch
  - apiGroups:
    - ""
    resources: