Merge pull request #48050 from luxas/fix_rbac_configmaps

Automatic merge from submit-queue kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns **What this PR does / why we need it**: Noticed a bug; we should only expose the `cluster-info` ConfigMap. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # Fixes: https://github.com/kubernetes/kubeadm/issues/320 **Special notes for your reviewer**: Cherrypick-candidate for v1.8 cc @dchen1107 Not blocking the release though... **Release note**: ```release-note NONE ``` @jbeda @pipejakob @timothysc @kubernetes/sig-cluster-lifecycle-pr-reviews
2025-07-23 19:56:01 +00:00 · 2017-06-28 03:29:27 -07:00 · 2017-06-28 03:29:27 -07:00 · 6089557887
commit 6089557887
parent 18e8bedb2b 037c9e8965
1 changed files with 1 additions and 1 deletions
--- a/cmd/kubeadm/app/phases/apiconfig/clusterroles.go
+++ b/cmd/kubeadm/app/phases/apiconfig/clusterroles.go
@ -105,7 +105,7 @@ func createRoles(clientset *clientset.Clientset) error {
 				Namespace: metav1.NamespacePublic,
 			},
 			Rules: []rbac.PolicyRule{
-				rbachelper.NewRule("get").Groups("").Resources("configmaps").RuleOrDie(),
+				rbachelper.NewRule("get").Groups("").Resources("configmaps").Names("cluster-info").RuleOrDie(),
 			},
 		},
 	}