github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-02 00:07:50 +00:00
Code Issues Projects Releases Wiki Activity

Allow node-controller to update node status

Browse Source
This commit is contained in:
Jordan Liggitt 2017-01-09 17:45:12 -05:00
parent e827393fa2
commit bda95a59ad
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View File

@ -166,7 +166,11 @@ func init() {
addControllerRole(rbac.ClusterRole{ addControllerRole(rbac.ClusterRole{
ObjectMeta: api.ObjectMeta{Name: saRolePrefix + "node-controller"}, ObjectMeta: api.ObjectMeta{Name: saRolePrefix + "node-controller"},
Rules: []rbac.PolicyRule{ Rules: []rbac.PolicyRule{
rbac.NewRule("get", "list", "update").Groups(legacyGroup).Resources("nodes").RuleOrDie(), rbac.NewRule("get", "list", "update", "delete").Groups(legacyGroup).Resources("nodes").RuleOrDie(),
rbac.NewRule("update").Groups(legacyGroup).Resources("nodes/status").RuleOrDie(),
// used for pod eviction
rbac.NewRule("update").Groups(legacyGroup).Resources("pods/status").RuleOrDie(),
rbac.NewRule("list", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(),
eventsRule(), eventsRule(),
}, },
}) })

23
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml vendored
View File

@ -533,9 +533,32 @@ items:
resources: resources:
- nodes - nodes
verbs: verbs:
- delete
- get - get
- list - list
- update - update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- nodes/status
verbs:
- update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods/status
verbs:
- update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
verbs:
- delete
- list
- apiGroups: - apiGroups:
- "" - ""
attributeRestrictions: null attributeRestrictions: null