github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 17:30:00 +00:00
Code Issues Projects Releases Wiki Activity

Enable “Kubernetes Monitoring” and “PodSecurityPolicies” on the same cluster

Browse Source 
Without that the daemonset "metadata-agent" return:

```pods "metadata-agent-" is forbidden: unable to validate against any pod security policy: [spec.containers[0].securityContext.containers[0].hostPort: Invalid value: 8799: Host port 8799 is not allowed to be used. Allowed ports: []]```
This commit is contained in:
Davide Belloni 2018-06-26 14:06:32 +02:00 committed by GitHub
parent 76b4699c69
commit b24bf0c5e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cluster/addons/metadata-agent/stackdriver/metadata-agent-rbac.yaml
View File

@ -32,3 +32,20 @@ subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: metadata-agent name: metadata-agent
namespace: kube-system namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gce:podsecuritypolicy:metadata-agent
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/cluster-service: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gce:podsecuritypolicy:privileged
subjects:
- kind: ServiceAccount
name: metadata-agent
namespace: kube-system