github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #114801 from SataQiu/fix-hpa-rbac

Browse Source 
Remove heapster rule from system:controller:horizontal-pod-autoscaler clusterrole
This commit is contained in:
Kubernetes Prow Robot 2023-01-04 08:24:01 -08:00 committed by GitHub
commit 3f05d41a41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View File

@ -233,8 +233,6 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
rbacv1helpers.NewRule("update").Groups(autoscalingGroup).Resources("horizontalpodautoscalers/status").RuleOrDie(),
rbacv1helpers.NewRule("get", "update").Groups("*").Resources("*/scale").RuleOrDie(),
rbacv1helpers.NewRule("list").Groups(legacyGroup).Resources("pods").RuleOrDie(),
// TODO: restrict this to the appropriate namespace
rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("services/proxy").Names("https:heapster:", "http:heapster:").RuleOrDie(),
// allow listing resource, custom, and external metrics
rbacv1helpers.NewRule("list").Groups(resMetricsGroup).Resources("pods").RuleOrDie(),
rbacv1helpers.NewRule("get", "list").Groups(customMetricsGroup).Resources("*").RuleOrDie(),

9
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml vendored
View File

@ -749,15 +749,6 @@ items:
- pods
verbs:
- list
- apiGroups:
- ""
resourceNames:
- 'http:heapster:'
- 'https:heapster:'
resources:
- services/proxy
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources: