Added missing permissions for operator. (#6683)
Related commit: 976337b750
This commit is contained in:
parent
79226d0870
commit
9ce34be217
1 changed files with 19 additions and 0 deletions
|
@ -69,6 +69,25 @@ rules:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
|
{% if cilium_version | regex_replace('v') is version('1.8', '>=') %}
|
||||||
|
# For cilium-operator running in HA mode.
|
||||||
|
#
|
||||||
|
# Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
|
||||||
|
# between mulitple running instances.
|
||||||
|
# The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
|
||||||
|
# common and fewer objects in the cluster watch "all Leases".
|
||||||
|
# The support for leases was introduced in coordination.k8s.io/v1 during Kubernetes 1.14 release.
|
||||||
|
# In Cilium we currently don't support HA mode for K8s version < 1.14. This condition make sure
|
||||||
|
# that we only authorize access to leases resources in supported K8s versions.
|
||||||
|
- apiGroups:
|
||||||
|
- coordination.k8s.io
|
||||||
|
resources:
|
||||||
|
- leases
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- update
|
||||||
|
{% endif %}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
|
Loading…
Reference in a new issue