github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-13 13:55:41 +00:00
Code Issues Projects Releases Wiki Activity

Give apiserver full access to kubelet API

Browse Source
This commit is contained in:
Jordan Liggitt 2017-03-17 17:37:17 -04:00
parent 599539dc0b
commit 87a8c21995
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/addons/rbac/apiserver-node-proxy-binding.yaml → cluster/addons/rbac/kube-apiserver-kubelet-api-admin-binding.yaml
View File

@ -1,14 +1,15 @@
# This binding gives the kube-apiserver user full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: apiserver-node-proxy name: kube-apiserver-kubelet-api-admin
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile addonmanager.kubernetes.io/mode: Reconcile
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: node-proxy name: kubelet-api-admin
subjects: subjects:
- apiGroup: rbac.authorization.k8s.io - apiGroup: rbac.authorization.k8s.io
kind: User kind: User

11
cluster/addons/rbac/node-proxy-role.yaml → cluster/addons/rbac/kubelet-api-admin-role.yaml
View File

@ -1,7 +1,8 @@
# This role allows full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: node-proxy name: kubelet-api-admin
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile addonmanager.kubernetes.io/mode: Reconcile
@ -10,15 +11,9 @@ rules:
- "" - ""
resources: resources:
- nodes/proxy - nodes/proxy
verbs:
- create
- get
- apiGroups:
- ""
resources:
- nodes/log - nodes/log
- nodes/stats - nodes/stats
- nodes/metrics - nodes/metrics
- nodes/spec - nodes/spec
verbs: verbs:
- get - "*"