github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #62336 from deads2k/rbac-05-scale

Browse Source 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add statefulset scaling permission to admins, editors, and viewers

StatefulSets are missing scale permissions, so users can't scale them.


```release-note
fix permissions to allow statefulset scaling for admins, editors, and viewers
```
This commit is contained in:
Kubernetes Submit Queue 2018-04-20 05:31:11 -07:00 committed by GitHub
commit fc7527537f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@ -236,7 +236,8 @@ func ClusterRoles() []rbac.ClusterRole {
rbac.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(), rbac.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(),
rbac.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(), rbac.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(),
rbac.NewRule(ReadWrite...).Groups(appsGroup).Resources("statefulsets", rbac.NewRule(ReadWrite...).Groups(appsGroup).Resources(
"statefulsets", "statefulsets/scale",
"daemonsets", "daemonsets",
"deployments", "deployments/scale", "deployments/rollback", "deployments", "deployments/scale", "deployments/rollback",
"replicasets", "replicasets/scale").RuleOrDie(), "replicasets", "replicasets/scale").RuleOrDie(),
@ -275,7 +276,8 @@ func ClusterRoles() []rbac.ClusterRole {
rbac.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(), rbac.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(),
rbac.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(), rbac.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(),
rbac.NewRule(ReadWrite...).Groups(appsGroup).Resources("statefulsets", rbac.NewRule(ReadWrite...).Groups(appsGroup).Resources(
"statefulsets", "statefulsets/scale",
"daemonsets", "daemonsets",
"deployments", "deployments/scale", "deployments/rollback", "deployments", "deployments/scale", "deployments/rollback",
"replicasets", "replicasets/scale").RuleOrDie(), "replicasets", "replicasets/scale").RuleOrDie(),
@ -307,7 +309,8 @@ func ClusterRoles() []rbac.ClusterRole {
// indicator of which namespaces you have access to. // indicator of which namespaces you have access to.
rbac.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(), rbac.NewRule(Read...).Groups(legacyGroup).Resources("namespaces").RuleOrDie(),
rbac.NewRule(Read...).Groups(appsGroup).Resources("statefulsets", rbac.NewRule(Read...).Groups(appsGroup).Resources(
"statefulsets", "statefulsets/scale",
"daemonsets", "daemonsets",
"deployments", "deployments/scale", "deployments", "deployments/scale",
"replicasets", "replicasets/scale").RuleOrDie(), "replicasets", "replicasets/scale").RuleOrDie(),

3
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml vendored
View File

@ -137,6 +137,7 @@ items:
- replicasets - replicasets
- replicasets/scale - replicasets/scale
- statefulsets - statefulsets
- statefulsets/scale
verbs: verbs:
- create - create
- delete - delete
@ -329,6 +330,7 @@ items:
- replicasets - replicasets
- replicasets/scale - replicasets/scale
- statefulsets - statefulsets
- statefulsets/scale
verbs: verbs:
- create - create
- delete - delete
@ -471,6 +473,7 @@ items:
- replicasets - replicasets
- replicasets/scale - replicasets/scale
- statefulsets - statefulsets
- statefulsets/scale
verbs: verbs:
- get - get
- list - list