github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #51011 from xilabao/rbac-v1-in-yaml

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 50489, 51070, 51011, 51022, 51141)

update to rbac v1 in yaml file

**What this PR does / why we need it**:
ref to https://github.com/kubernetes/kubernetes/pull/49642
ref https://github.com/kubernetes/features/issues/2

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:
cc @liggitt 

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2017-08-23 19:54:28 -07:00 committed by GitHub
commit 3b2e403a37
17 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cluster/addons/cluster-monitoring/heapster-rbac.yaml
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: heapster-binding
@ -16,7 +16,7 @@ subjects:
---
# Heapster's pod_nanny monitors the heapster deployment & its pod(s), and scales
# the resources of the deployment if necessary.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: system:pod-nanny
@ -39,7 +39,7 @@ rules:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: heapster-binding

4
cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler-rbac.yaml
View File

@ -21,7 +21,7 @@ metadata:
addonmanager.kubernetes.io/mode: Reconcile
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
labels:
@ -43,7 +43,7 @@ rules:
verbs: ["get", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-dns-autoscaler
labels:

4
cluster/addons/fluentd-elasticsearch/es-statefulset.yaml
View File

@ -10,7 +10,7 @@ metadata:
addonmanager.kubernetes.io/mode: Reconcile
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: elasticsearch-logging
labels:
@ -28,7 +28,7 @@ rules:
- "get"
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: kube-system
name: elasticsearch-logging

4
cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml
View File

@ -9,7 +9,7 @@ metadata:
addonmanager.kubernetes.io/mode: Reconcile
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fluentd-es
labels:
@ -28,7 +28,7 @@ rules:
- "list"
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fluentd-es
labels:

2
cluster/addons/fluentd-gcp/event-exporter.yaml
View File

@ -8,7 +8,7 @@ metadata:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-exporter-rb

2
cluster/addons/node-problem-detector/npd.yaml
View File

@ -7,7 +7,7 @@ metadata:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: npd-binding

2
cluster/addons/node-problem-detector/standalone/npd-binding.yaml
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: npd-binding

2
cluster/addons/rbac/kube-apiserver-kubelet-api-admin-binding.yaml
View File

@ -1,5 +1,5 @@
# This binding gives the kube-apiserver user full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-apiserver-kubelet-api-admin

2
cluster/addons/rbac/kubelet-api-admin-role.yaml
View File

@ -1,5 +1,5 @@
# This role allows full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubelet-api-admin

2
cluster/addons/rbac/kubelet-binding.yaml
View File

@ -2,7 +2,7 @@
# identify the system:nodes group. They use the kubelet identity
# TODO: remove this once new nodes are granted individual identities and the
# NodeAuthorizer is enabled.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubelet-cluster-admin

8
cluster/addons/rbac/kubelet-certificate-management.yaml
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gce:beta:kubelet-certificate-bootstrap
@ -14,7 +14,7 @@ subjects:
kind: User
name: kubelet
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gce:beta:kubelet-certificate-rotation
@ -30,7 +30,7 @@ subjects:
kind: Group
name: system:nodes
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gce:beta:kubelet-certificate-bootstrap
@ -45,7 +45,7 @@ rules:
verbs:
- "create"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gce:beta:kubelet-certificate-rotation

6
examples/podsecuritypolicy/rbac/bindings.yaml
View File

@ -1,6 +1,6 @@
# privilegedPSP gives the privilegedPSP role
# to the group privileged.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: privileged-psp-users
@ -15,7 +15,7 @@ roleRef:
---
# restrictedPSP grants the restrictedPSP role to
# the groups restricted and privileged.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: restricted-psp-users
@ -33,7 +33,7 @@ roleRef:
---
# edit grants edit role to the groups
# restricted and privileged.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: edit

4
examples/podsecuritypolicy/rbac/roles.yaml
View File

@ -1,6 +1,6 @@
# restrictedPSP grants access to use
# the restricted PSP.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: restricted-psp-user
@ -16,7 +16,7 @@ rules:
---
# privilegedPSP grants access to use the privileged
# PSP.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: privileged-psp-user

2
test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/heapster-binding.yaml
View File

@ -1,5 +1,5 @@
# This is the role binding for the kubemark heapster.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: heapster-view-binding

2
test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/kubecfg-binding.yaml
View File

@ -2,7 +2,7 @@
# used for listing hollow-nodes in start-kubemark.sh and
# send resource creation requests, etc in run-e2e-tests.sh.
# Also useful if you manually want to use local kubectl.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubecfg-cluster-admin

2
test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/kubelet-binding.yaml
View File

@ -2,7 +2,7 @@
#
# TODO: give each kubelet a credential in the system:nodes group with username system:node:<nodeName>,
# to exercise the Node authorizer and admission, then remove this binding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubelet-node

2
test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/npd-binding.yaml
View File

@ -1,5 +1,5 @@
# This is the role binding for the node-problem-detector.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: node-problem-detector-binding