github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

give nodes update/delete permissions

Browse Source
This commit is contained in:
Jordan Liggitt 2017-02-13 13:14:47 -05:00
parent 95badd95ce
commit 967d4fb5f7
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@ -192,6 +192,7 @@ func ClusterRoles() []rbac.ClusterRole {
rbac.NewRule("create", "get", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(), rbac.NewRule("create", "get", "list", "watch").Groups(legacyGroup).Resources("nodes").RuleOrDie(),
// TODO: restrict to the bound node once supported // TODO: restrict to the bound node once supported
rbac.NewRule("update", "patch").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(), rbac.NewRule("update", "patch").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(),
rbac.NewRule("update", "patch", "delete").Groups(legacyGroup).Resources("nodes").RuleOrDie(),
// TODO: restrict to the bound node as creator once supported // TODO: restrict to the bound node as creator once supported
rbac.NewRule("create", "update", "patch").Groups(legacyGroup).Resources("events").RuleOrDie(), rbac.NewRule("create", "update", "patch").Groups(legacyGroup).Resources("events").RuleOrDie(),

8
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml vendored
View File

@ -541,6 +541,14 @@ items:
verbs: verbs:
- patch - patch
- update - update
- apiGroups:
- ""
resources:
- nodes
verbs:
- delete
- patch
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources: