corrext idempotency issue with kubedns RBAC
This commit is contained in:
Boris Zanetti
nhaveric
parent
babc372d04
commit
a807771d63
4 changed files with 7 additions and 39 deletions
|
|
@ -14,8 +14,6 @@
|
||||||
- {name: cluster-proportional-autoscaler, file: cluster-proportional-autoscaler-clusterrole.yml, type: clusterrole}
|
- {name: cluster-proportional-autoscaler, file: cluster-proportional-autoscaler-clusterrole.yml, type: clusterrole}
|
||||||
- {name: cluster-proportional-autoscaler, file: cluster-proportional-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
- {name: cluster-proportional-autoscaler, file: cluster-proportional-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
||||||
- {name: kubedns, file: kubedns-serviceaccount.yml, type: serviceaccount}
|
- {name: kubedns, file: kubedns-serviceaccount.yml, type: serviceaccount}
|
||||||
- {name: kubedns, file: kubedns-clusterrole.yml, type: clusterrole}
|
|
||||||
- {name: kubedns, file: kubedns-clusterrolebinding.yml, type: clusterrolebinding}
|
|
||||||
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrole.yml', type: clusterrole}
|
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrole.yml', type: clusterrole}
|
||||||
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrolebinding.yml', type: clusterrolebinding}
|
- {name: 'custom:system:kube-dns', file: 'custom:system:kube-dns-clusterrolebinding.yml', type: clusterrolebinding}
|
||||||
- {name: 'custom:system:node', file: 'custom:system:node-clusterrole.yml', type: clusterrole}
|
- {name: 'custom:system:node', file: 'custom:system:node-clusterrole.yml', type: clusterrole}
|
||||||
|
|
@ -34,5 +32,3 @@
|
||||||
state: "{{item.changed | ternary('latest','present') }}"
|
state: "{{item.changed | ternary('latest','present') }}"
|
||||||
with_items: "{{ manifests.results }}"
|
with_items: "{{ manifests.results }}"
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -8,6 +7,13 @@ rules:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
- endpoints
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
- services
|
- services
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
|
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: custom:system:kube-dns
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- endpoints
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- services
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: custom:system:kube-dns
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: custom:system:kube-dns
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: kube-dns
|
|
||||||
namespace: kube-system
|
|
||||||
|
|
||||||
Loading…
Reference in a new issue