mirror of https://github.com/k3s-io/k3s
a3aac42b9a
Automatic merge from submit-queue (batch tested with PRs 50832, 51119, 51636, 48921, 51712) add reconcile command to kubectl auth This pull exposes the RBAC reconcile commands through `kubectl auth reconcile -f FILE`. When passed a file which contains RBAC roles, rolebindings, clusterroles, or clusterrolebindings, it will compute covers and add the missing rules. The logic required to properly "apply" rbac permissions is more complicated that a json merge since you have to compute logical covers operations between rule sets. This means that we cannot use `kubectl apply` to update rbac roles without risking breaking old clients (like controllers). To solve this problem, RBAC created reconcile functions to use during startup for "stock" roles. We want to offer this power to users who are running their own controllers and extension servers. This is an intersection between @kubernetes/sig-auth-misc and @kubernetes/sig-cli-misc |
||
|---|---|---|
| .. | ||
| man1 | ||