C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add custom rbac role local root user

Browse source
This commit is contained in:
Boris Zanetti 2017-04-15 13:19:56 +02:00 committed by nhaveric
parent 7573181183
commit c1db6da4c1
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/rbac/tasks/main.yml
View file

@ -22,6 +22,7 @@
- {name: 'custom:system:node', file: 'custom:system:node-clusterrolebinding.yml', type: clusterrolebinding} - {name: 'custom:system:node', file: 'custom:system:node-clusterrolebinding.yml', type: clusterrolebinding}
- {name: fluentd, file: fluentd-clusterrole.yml, type: clusterrole} - {name: fluentd, file: fluentd-clusterrole.yml, type: clusterrole}
- {name: fluentd, file: fluentd-clusterrolebinding.yml, type: clusterrolebinding} - {name: fluentd, file: fluentd-clusterrolebinding.yml, type: clusterrolebinding}
- {name: cluster-admin-local, file: cluster-admin-local-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests register: manifests
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]

13
roles/rbac/templates/cluster-admin-local-clusterrolebinding.yml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cluster-admin-local
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: root