github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-19 00:31:00 +00:00
Code Issues Projects Releases Wiki Activity

add system:discovery role

Browse Source
This commit is contained in:
deads2k 2016-09-22 14:59:52 -04:00
parent 2750c778d4
commit 87ff84a7b0
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@ -32,11 +32,19 @@ var (
func ClusterRoles() []rbac.ClusterRole {
return []rbac.ClusterRole{
{
// a "root" role which can do absolutely anything
ObjectMeta: api.ObjectMeta{Name: "cluster-admin"},
Rules: []rbac.PolicyRule{
rbac.NewRule("*").Groups("*").Resources("*").RuleOrDie(),
rbac.NewRule("*").URLs("*").RuleOrDie(),
},
},
{
// a role which provides just enough power to discovery API versions for negotiation
ObjectMeta: api.ObjectMeta{Name: "system:discovery"},
Rules: []rbac.PolicyRule{
rbac.NewRule("get").URLs("/version", "/api", "/api/*", "/apis", "/apis/*").RuleOrDie(),
},
},
}
}