mirror of https://github.com/rancher/rke.git synced 2025-09-02 07:24:20 +00:00

Add kubeapi proxy cluster role and role binding

galal-hussein
2019-07-25 22:07:38 +02:00
committed by Alena Prokharchyk
parent e923730388
commit 2bc960a01c
3 changed files with 45 additions and 1 deletions


@@ -3,12 +3,13 @@ package cluster
import (
"context"
"fmt"
"github.com/rancher/rke/metadata"
"net"
"reflect"
"strings"
"time"
"github.com/rancher/rke/metadata"
"github.com/docker/docker/api/types"
"github.com/rancher/rke/authz"
"github.com/rancher/rke/docker"
@@ -316,6 +317,9 @@ func ApplyAuthzResources(ctx context.Context, rkeConfig v3.RancherKubernetesEngi
if err := authz.ApplySystemNodeClusterRoleBinding(ctx, kubeCluster.LocalKubeConfigPath, kubeCluster.K8sWrapTransport); err != nil {
return fmt.Errorf("Failed to apply the ClusterRoleBinding needed for node authorization: %v", err)
}
if err := authz.ApplyKubeAPIClusterRole(ctx, kubeCluster.LocalKubeConfigPath, kubeCluster.K8sWrapTransport); err != nil {
return fmt.Errorf("Failed to apply the ClusterRole and Binding needed for node kubeapi proxy: %v", err)
}
}
if kubeCluster.Authorization.Mode == services.RBACAuthorizationMode && kubeCluster.Services.KubeAPI.PodSecurityPolicy {
if err := authz.ApplyDefaultPodSecurityPolicy(ctx, kubeCluster.LocalKubeConfigPath, kubeCluster.K8sWrapTransport); err != nil {
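Review bot: The added `authz.ApplyKubeAPIClusterRole` call in the second hunk installs cluster-wide RBAC, but nothing at the call site says which subject is bound or what it is allowed to do. The error string is the only hint that a binding is created as well as a role, and the function name does not say so, unlike the sibling `ApplySystemNodeClusterRoleBinding`. I would add a comment above the call such as `// Applies the ClusterRole and ClusterRoleBinding for kube-apiserver access to the node proxy API; the rules and bound subject are defined in the authz package.`, with the wording checked against the authz definitions, which are not shown here. Whoever reviews the authz side should confirm the rules are limited to the node subresources the proxy needs. The enclosing `if` block and the body of `ApplyAuthzResources` start and end outside this hunk, so the condition under which the role is applied cannot be checked from here.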