add custom rbac role for system:nodes

Boris Zanetti 2017-04-15 12:48:55 +02:00 committed by nhaveric
parent f1d366779e
commit 7573181183
3 changed files with 28 additions and 0 deletions


@ -18,6 +18,8 @@
- {name: kubedns, file: kubedns-clusterrolebinding.yml, type: clusterrolebinding} - {name: kubedns, file: kubedns-clusterrolebinding.yml, type: clusterrolebinding}
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrole.yml', type: clusterrole} - {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrole.yml', type: clusterrole}
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrolebinding.yml', type: clusterrolebinding} - {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrolebinding.yml', type: clusterrolebinding}
- {name: 'custom:system:node', file: 'custom:system:node-clusterrole.yml', type: clusterrole}
- {name: 'custom:system:node', file: 'custom:system:node-clusterrolebinding.yml', type: clusterrolebinding}
- {name: fluentd, file: fluentd-clusterrole.yml, type: clusterrole} - {name: fluentd, file: fluentd-clusterrole.yml, type: clusterrole}
- {name: fluentd, file: fluentd-clusterrolebinding.yml, type: clusterrolebinding} - {name: fluentd, file: fluentd-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests register: manifests


@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: custom:system:node
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- list
- watch
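Review bot: The new ClusterRole has no comment saying which node-side component needs `list` and `watch` on `endpoints`, so a later reviewer cannot tell whether the grant is still required or can be dropped. The rule names the core API group and sets no `resourceNames`, so once bound cluster-wide it covers endpoints in every namespace. I would add a header comment directly under `---`, for example `# Read-only list/watch on endpoints for node credentials; required by <component>`, naming the actual consumer.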


@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: custom:system:node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: custom:system:node
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:nodes
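Review bot: The subject is the whole `system:nodes` group, so every credential that authenticates into that group receives the role, not only the component that needs it. Because this is a ClusterRoleBinding, any node identity can then list and watch endpoints in all namespaces. That is worth recording above `subjects:`, e.g. `# Bound to every node identity: read-only endpoints access in all namespaces`. If the consumer turns out to be a single component with its own user or service account, binding that identity instead would keep the grant narrower. Which component that is cannot be determined from this page.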