mirror of https://github.com/k3s-io/k3s
ef042450fd
Automatic merge from submit-queue (batch tested with PRs 41378, 41413, 40743, 41155, 41385) Reconcile bootstrap clusterroles on server start Currently, on server start, bootstrap roles and bindings are only created if there are no existing roles or rolebindings. Instead, we should look at each bootstrap role and rolebinding, and ensure it exists and has required permissions and subjects at server start. This allows seamless upgrades to new versions that define roles for new controllers, or add permissions to existing roles. ```release-note Default RBAC ClusterRole and ClusterRoleBinding objects are automatically updated at server start to add missing permissions and subjects (extra permissions and subjects are left in place). To prevent autoupdating a particular role or rolebinding, annotate it with `rbac.authorization.kubernetes.io/autoupdate=false`. ``` |
||
|---|---|---|
| .. | ||
| cmd/kube-scheduler | ||
| pkg | ||
| BUILD | ||
| OWNERS | ||