add custom rbac role local root user

2017-04-15 13:19:56 +02:00 · 2017-04-15 13:19:56 +02:00 · c1db6da4c1
commit c1db6da4c1
parent 7573181183
2 changed files with 14 additions and 0 deletions
--- a/roles/rbac/tasks/main.yml
+++ b/roles/rbac/tasks/main.yml
@ -22,6 +22,7 @@
    - {name: 'custom:system:node', file: 'custom:system:node-clusterrolebinding.yml', type: clusterrolebinding}
    - {name: fluentd, file: fluentd-clusterrole.yml, type: clusterrole}
    - {name: fluentd, file: fluentd-clusterrolebinding.yml, type: clusterrolebinding}
+    - {name: cluster-admin-local, file: cluster-admin-local-clusterrolebinding.yml, type: clusterrolebinding}
  register: manifests
  when: inventory_hostname == groups['kube-master'][0]

--- a/roles/rbac/templates/cluster-admin-local-clusterrolebinding.yml
+++ b/roles/rbac/templates/cluster-admin-local-clusterrolebinding.yml
@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-admin-local
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: root