mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-09-16 22:53:22 +00:00
remove second CA used for kubelet auth in favor of webhook auth
This commit is contained in:
Mike Danese
14
cluster/addons/rbac/apiserver-node-proxy-binding.yaml
Normal file
14
cluster/addons/rbac/apiserver-node-proxy-binding.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: apiserver-node-proxy
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: node-proxy
|
||||
subjects:
|
||||
- apiVersion: rbac/v1beta1
|
||||
kind: User
|
||||
name: kube-apiserver
|
||||
23
cluster/addons/rbac/node-proxy-role.yaml
Normal file
23
cluster/addons/rbac/node-proxy-role.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: node-proxy
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/proxy
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/log
|
||||
- nodes/stats
|
||||
- nodes/metrics
|
||||
- nodes/spec
|
||||
verbs:
|
||||
- get
|
||||
Reference in New Issue
Block a user