C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add custom rbac role for system:nodes

Browse source
This commit is contained in:
Boris Zanetti 2017-04-15 12:48:55 +02:00 committed by nhaveric
parent f1d366779e
commit 7573181183
3 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/rbac/tasks/main.yml
View file

@ -18,6 +18,8 @@
- {name: kubedns, file: kubedns-clusterrolebinding.yml, type: clusterrolebinding}
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrole.yml', type: clusterrole}
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrolebinding.yml', type: clusterrolebinding}
- {name: 'custom:system:node', file: 'custom:system:node-clusterrole.yml', type: clusterrole}
- {name: 'custom:system:node', file: 'custom:system:node-clusterrolebinding.yml', type: clusterrolebinding}
- {name: fluentd, file: fluentd-clusterrole.yml, type: clusterrole}
- {name: fluentd, file: fluentd-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests

13
roles/rbac/templates/custom:system:node-clusterrole.yml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: custom:system:node
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- list
- watch

13
roles/rbac/templates/custom:system:node-clusterrolebinding.yml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: custom:system:node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: custom:system:node
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:nodes