mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #40938 from mikedanese/rotation-permission
Automatic merge from submit-queue (batch tested with PRs 40906, 40924, 40938, 40902, 40911) allow the kubelet to request certificates
This commit is contained in:
commit
839014ac04
@ -217,6 +217,9 @@ func ClusterRoles() []rbac.ClusterRole {
|
||||
// TODO: change glusterfs to use DNS lookup so this isn't needed?
|
||||
// Needed for glusterfs volumes
|
||||
rbac.NewRule("get").Groups(legacyGroup).Resources("endpoints").RuleOrDie(),
|
||||
// Used to create a certificatesigningrequest for a node-specific client certificate, and watch
|
||||
// for it to be signed. This allows the kubelet to rotate it's own certificate.
|
||||
rbac.NewRule("create", "get", "list", "watch").Groups(certificatesGroup).Resources("certificatesigningrequests").RuleOrDie(),
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -569,6 +569,15 @@ items:
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
Loading…
Reference in New Issue
Block a user