mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
include patch permission for kubelets
This commit is contained in:
parent
212a16eccc
commit
9fe2c53624
@ -119,7 +119,7 @@ func NodeRules() []rbacv1.PolicyRule {
|
|||||||
rbacv1helpers.NewRule("create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(),
|
rbacv1helpers.NewRule("create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(),
|
||||||
// Needed for the node to report status of pods it is running.
|
// Needed for the node to report status of pods it is running.
|
||||||
// Use the NodeRestriction admission plugin to limit a node to updating status of pods bound to itself.
|
// Use the NodeRestriction admission plugin to limit a node to updating status of pods bound to itself.
|
||||||
rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("pods/status").RuleOrDie(),
|
rbacv1helpers.NewRule("update", "patch").Groups(legacyGroup).Resources("pods/status").RuleOrDie(),
|
||||||
// Needed for the node to create pod evictions.
|
// Needed for the node to create pod evictions.
|
||||||
// Use the NodeRestriction admission plugin to limit a node to creating evictions for pods bound to itself.
|
// Use the NodeRestriction admission plugin to limit a node to creating evictions for pods bound to itself.
|
||||||
rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("pods/eviction").RuleOrDie(),
|
rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("pods/eviction").RuleOrDie(),
|
||||||
|
@ -1098,6 +1098,7 @@ items:
|
|||||||
resources:
|
resources:
|
||||||
- pods/status
|
- pods/status
|
||||||
verbs:
|
verbs:
|
||||||
|
- patch
|
||||||
- update
|
- update
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
|
Loading…
Reference in New Issue
Block a user