rke/authz/manifests.go

package authz

const (
	systemNodeClusterRoleBinding = `
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "false"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node
subjects:
- kind: Group
  name: system:nodes
  apiGroup: rbac.authorization.k8s.io`

	jobDeployerServiceAccount = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rke-job-deployer
  namespace: kube-system`

	jobDeployerClusterRoleBinding = `
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: job-deployer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  namespace: kube-system
  name: rke-job-deployer`
)
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`package authz`

			`const (`
			systemNodeClusterRoleBinding = `
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`annotations:`
			`rbac.authorization.kubernetes.io/autoupdate: "false"`
			`labels:`
			`kubernetes.io/bootstrapping: rbac-defaults`
			`name: system:node`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: system:node`
			`subjects:`
			`- kind: Group`
			`name: system:nodes`
			apiGroup: rbac.authorization.k8s.io`

			jobDeployerServiceAccount = `
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: rke-job-deployer`
			namespace: kube-system`

			jobDeployerClusterRoleBinding = `
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: job-deployer`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: cluster-admin`
			`subjects:`
			`- kind: ServiceAccount`
			`namespace: kube-system`
			name: rke-job-deployer`
			`)`