github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 07:47:56 +00:00
Code Issues Projects Releases Wiki Activity

don't add kubelet legacy binding if we aren't registering the master kubelet

Browse Source
This commit is contained in:
Mike Danese 2017-10-18 09:56:19 -07:00
parent 8b3a8adb17
commit 3f7e1cccd2
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cluster/addons/rbac/legacy-kubelet-user-disable/kubelet-binding.yaml Normal file
View File

@ -0,0 +1,14 @@
# This is required so that old clusters don't remove required bindings for 1.5
# kubelets to function.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubelet-cluster-admin
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: EnsureExists
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node
subjects:

8
cluster/gce/gci/configure-helper.sh
View File

@ -1743,7 +1743,13 @@ function start-kube-addons {
local -r dst_dir="/etc/kubernetes/addons" local -r dst_dir="/etc/kubernetes/addons"
# prep addition kube-up specific rbac objects # prep addition kube-up specific rbac objects
setup-addon-manifests "addons" "rbac" setup-addon-manifests "addons" "rbac/kubelet-api-auth"
setup-addon-manifests "addons" "rbac/kubelet-cert-rotation"
if [[ "${REGISTER_MASTER_KUBELET:-false}" == "true" ]]; then
setup-addon-manifests "addons" "rbac/legacy-kubelet-user"
else
setup-addon-manifests "addons" "rbac/legacy-kubelet-user-disabled"
fi
# Set up manifests of other addons. # Set up manifests of other addons.
if [[ "${KUBE_PROXY_DAEMONSET:-}" == "true" ]]; then if [[ "${KUBE_PROXY_DAEMONSET:-}" == "true" ]]; then