github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-20 18:31:15 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #41338 from ncdc/kcm-csr-policy

Browse Source 
Automatic merge from submit-queue

Allow controller manager to list/watch CSRs

Accidentally left out of #41084 

cc @mikedanese @deads2k
This commit is contained in:
Kubernetes Submit Queue 2017-02-13 10:54:53 -08:00 committed by GitHub
commit dcbcee8365
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@ -279,13 +279,23 @@ func ClusterRoles() []rbac.ClusterRole {
rbac.NewRule("get").Groups(legacyGroup).Resources("endpoints", "namespaces", "serviceaccounts").RuleOrDie(),
rbac.NewRule("update").Groups(legacyGroup).Resources("endpoints", "serviceaccounts").RuleOrDie(),
rbac.NewRule("list", "watch").Groups("*").Resources("namespaces", "nodes", "persistentvolumeclaims",
"persistentvolumes", "pods", "secrets", "services", "serviceaccounts", "replicationcontrollers").RuleOrDie(),
rbac.NewRule("list", "watch").Groups(legacyGroup).Resources(
"namespaces",
"nodes",
"persistentvolumeclaims",
"persistentvolumes",
"pods",
"secrets",
"services",
"serviceaccounts",
"replicationcontrollers",
).RuleOrDie(),
rbac.NewRule("list", "watch").Groups(extensionsGroup).Resources("daemonsets", "deployments", "replicasets").RuleOrDie(),
rbac.NewRule("list", "watch").Groups(batchGroup).Resources("jobs", "cronjobs").RuleOrDie(),
rbac.NewRule("list", "watch").Groups(appsGroup).Resources("statefulsets").RuleOrDie(),
rbac.NewRule("list", "watch").Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(),
rbac.NewRule("list", "watch").Groups(autoscalingGroup).Resources("horizontalpodautoscalers").RuleOrDie(),
rbac.NewRule("list", "watch").Groups(certificatesGroup).Resources("certificatesigningrequests").RuleOrDie(),
},
},
{

9
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml vendored
View File

@ -444,7 +444,7 @@ items:
verbs:
- update
- apiGroups:
- '*'
- ""
resources:
- namespaces
- nodes
@ -496,6 +496,13 @@ items:
verbs:
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata: