mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #67224 from grayluck/namespace-cloudprovider-rbac
Automatic merge from submit-queue (batch tested with PRs 65251, 67255, 67224, 67297, 68105). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md. Add namespace for (cluster)role(binding) cloud-provider. **What this PR does / why we need it**: Add namespace for (cluster)role(binding) cloud-provider. Change the addonmanager mode to be from reconcile to EnsureExists. Needs to be cherrypicked together with https://github.com/kubernetes/kubernetes/pull/59686. **Special notes for your reviewer**: /assign @bowei @tallclair /sig auth **Release note**: ```release-note Role, ClusterRole and their bindings for cloud-provider is put under system namespace. Their addonmanager mode switches to EnsureExists. ``` Manual tested. Cluster can be created succesfully using kube-up.sh with desired (cluster)role(binding)s.
This commit is contained in:
commit
6900a8042b
@ -3,12 +3,12 @@ kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: cloud-provider
|
||||
name: gce:cloud-provider
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: cloud-provider
|
||||
name: gce:cloud-provider
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cloud-provider
|
||||
@ -19,11 +19,11 @@ kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: cloud-provider
|
||||
name: gce:cloud-provider
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cloud-provider
|
||||
name: gce:cloud-provider
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cloud-provider
|
||||
|
@ -3,7 +3,7 @@ kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: cloud-provider
|
||||
name: gce:cloud-provider
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
@ -23,7 +23,51 @@ kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: cloud-provider
|
||||
name: gce:cloud-provider
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: cloud-provider
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/deprecation: 'cloud-provider role is DEPRECATED in the
|
||||
concern of potential collisions and will be removed in 1.16. Do not use
|
||||
this role.'
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
name: cloud-provider
|
||||
annotations:
|
||||
kubernetes.io/deprecation: 'cloud-provider clusterrole is DEPRECATED in the
|
||||
concern of potential collisions and will be removed in 1.16. Do not use
|
||||
this role.'
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
Loading…
Reference in New Issue
Block a user