github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-01 22:34:14 +00:00
Code Issues Projects Releases Wiki Activity

append an abac rule for $KUBE_USER.

Browse Source
This commit is contained in:
CJ Cullen
2016-07-14 11:01:07 -07:00
parent e3fa011d28
commit e559e305dd
5 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cluster/gce/gci/configure-helper.sh
View File

@@ -637,7 +637,12 @@ function start-kube-apiserver {
webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\"}},"
fi
local -r src_dir="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty"
cp "${src_dir}/abac-authz-policy.jsonl" /etc/srv/kubernetes/
local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl"
remove-salt-config-comments "${abac_policy_json}"
sed -i -e "s@{{kube_user}}@${KUBE_USER}@g" "${abac_policy_json}"
cp "${abac_policy_json}" /etc/srv/kubernetes/
src_file="${src_dir}/kube-apiserver.manifest"
remove-salt-config-comments "${src_file}"
# Evaluate variables.