github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Give apiserver full access to kubelet API

pull/6/head
Jordan Liggitt 2017-03-17 17:37:17 -04:00
parent 599539dc0b
commit 87a8c21995
No known key found for this signature in database
GPG Key ID: 24E7ADF9A3B42012
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/addons/rbac/apiserver-node-proxy-binding.yaml → cluster/addons/rbac/kube-apiserver-kubelet-api-admin-binding.yaml
View File

@ -1,14 +1,15 @@
# This binding gives the kube-apiserver user full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: apiserver-node-proxy
name: kube-apiserver-kubelet-api-admin
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: node-proxy
name: kubelet-api-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User

11
cluster/addons/rbac/node-proxy-role.yaml → cluster/addons/rbac/kubelet-api-admin-role.yaml
View File

@ -1,7 +1,8 @@
# This role allows full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: node-proxy
name: kubelet-api-admin
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
@ -10,15 +11,9 @@ rules:
- ""
resources:
- nodes/proxy
verbs:
- create
- get
- apiGroups:
- ""
resources:
- nodes/log
- nodes/stats
- nodes/metrics
- nodes/spec
verbs:
- get
- "*"