Merge pull request #39963 from deads2k/rbac-39-permissions

Automatic merge from submit-queue

add patch RS to deployment controller

Found in http://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-gci-gce/2841/artifacts/bootstrap-e2e-master/, `RBAC DENY: user "system:serviceaccount:kube-system:deployment-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "patch" on "replicasets.extensions/" in namespace "e2e-tests-deployment-3rj5g"
`

@kubernetes/sig-auth-misc
Kubernetes Submit Queue 2017-01-16 12:15:16 -08:00 committed by GitHub
commit 6cd0592a46
2 changed files with 2 additions and 1 deletions


@ -94,7 +94,7 @@ func init() {
Rules: []rbac.PolicyRule{
rbac.NewRule("get", "list", "watch", "update").Groups(extensionsGroup).Resources("deployments").RuleOrDie(),
rbac.NewRule("update").Groups(extensionsGroup).Resources("deployments/status").RuleOrDie(),
rbac.NewRule("get", "list", "watch", "create", "update", "delete").Groups(extensionsGroup).Resources("replicasets").RuleOrDie(),
rbac.NewRule("get", "list", "watch", "create", "update", "patch", "delete").Groups(extensionsGroup).Resources("replicasets").RuleOrDie(),
// TODO: remove "update" once
// https://github.com/kubernetes/kubernetes/issues/36897 is resolved.
rbac.NewRule("get", "list", "watch", "update").Groups(legacyGroup).Resources("pods").RuleOrDie(),
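Review bot: The widened `replicasets` rule (the second of the two near-identical lines, the one that now lists `"patch"`) has no comment recording why the verb is needed, so a later least-privilege audit of this role has only the e2e log quoted in the commit message to go on. I would add a line above it such as `// "patch" is required: the deployment controller issues PATCH on replicasets (RBAC DENY in e2e without it).`, ideally naming the controller code path once confirmed, since the page does not show which call issues the patch. The rule already grants `update` on the same resource, so the new verb does not appear to extend what the service account can modify; the comment is for auditability rather than to flag a new exposure. The enclosing `init()` starts and ends outside this hunk, so the role's name and binding are not visible here.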


@ -232,6 +232,7 @@ items:
- delete
- get
- list
- patch
- update
- watch
- apiGroups: