From bea625fd65446cca33974e904e4d8c374f047c34 Mon Sep 17 00:00:00 2001 From: yankaiz Date: Thu, 9 Aug 2018 17:38:12 -0700 Subject: [PATCH] Add namespace for (cluster)role(binding) cloud-provider. Change the addonmanager mode to be from reconcile to EnsureExists. --- .../loadbalancing/cloud-provider-binding.yaml | 8 ++-- .../loadbalancing/cloud-provider-role.yaml | 48 ++++++++++++++++++- 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/cluster/gce/addons/loadbalancing/cloud-provider-binding.yaml b/cluster/gce/addons/loadbalancing/cloud-provider-binding.yaml index 09b8ebf34bc..f58d21ff567 100644 --- a/cluster/gce/addons/loadbalancing/cloud-provider-binding.yaml +++ b/cluster/gce/addons/loadbalancing/cloud-provider-binding.yaml @@ -3,12 +3,12 @@ kind: RoleBinding metadata: labels: addonmanager.kubernetes.io/mode: Reconcile - name: cloud-provider + name: gce:cloud-provider namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: cloud-provider + name: gce:cloud-provider subjects: - kind: ServiceAccount name: cloud-provider @@ -19,11 +19,11 @@ kind: ClusterRoleBinding metadata: labels: addonmanager.kubernetes.io/mode: Reconcile - name: cloud-provider + name: gce:cloud-provider roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cloud-provider + name: gce:cloud-provider subjects: - kind: ServiceAccount name: cloud-provider diff --git a/cluster/gce/addons/loadbalancing/cloud-provider-role.yaml b/cluster/gce/addons/loadbalancing/cloud-provider-role.yaml index 64198859754..acfbc7d231f 100644 --- a/cluster/gce/addons/loadbalancing/cloud-provider-role.yaml +++ b/cluster/gce/addons/loadbalancing/cloud-provider-role.yaml @@ -3,7 +3,7 @@ kind: Role metadata: labels: addonmanager.kubernetes.io/mode: Reconcile - name: cloud-provider + name: gce:cloud-provider namespace: kube-system rules: - apiGroups: @@ -23,7 +23,51 @@ kind: ClusterRole metadata: labels: addonmanager.kubernetes.io/mode: Reconcile - name: cloud-provider + name: gce:cloud-provider +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + addonmanager.kubernetes.io/mode: Reconcile + name: cloud-provider + namespace: kube-system + annotations: + kubernetes.io/deprecation: 'cloud-provider role is DEPRECATED in the + concern of potential collisions and will be removed in 1.16. Do not use + this role.' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - patch + - update + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + addonmanager.kubernetes.io/mode: Reconcile + name: cloud-provider + annotations: + kubernetes.io/deprecation: 'cloud-provider clusterrole is DEPRECATED in the + concern of potential collisions and will be removed in 1.16. Do not use + this role.' rules: - apiGroups: - ""