github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #99965 from swetharepakula/glbc-rbac

Browse Source 
Add GLBC roles for IngressClass & GCPIngressParams
This commit is contained in:
Kubernetes Prow Robot
2021-03-11 03:02:25 -08:00
committed by GitHub
parent 823fa75643 a8c5110f65
commit 23d4b3b4f0
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cluster/addons/rbac/cluster-loadbalancing/glbc/roles.yaml
View File

@@ -47,6 +47,8 @@ rules:
# GLBC ensures that the `cloud.google.com/backendconfigs` and `networking.gke.io/servicenetworkendpointgroups` CRD exists in a desired state:
# https://github.com/kubernetes/ingress-gce/blob/5c3fcb5845e74b92ea8bd52929b15fc5c9fa7970/cmd/glbc/main.go#L108
# https://github.com/kubernetes/ingress-gce/blob/5c3fcb5845e74b92ea8bd52929b15fc5c9fa7970/cmd/glbc/main.go#L133
# GLBC creates and updates `networking.gke.io/GCPIngressParams`
# https://github.com/kubernetes/ingress-gce/blob/7f0928629c85e7a54c6af9e6e490ac89d057461a/cmd/glbc/main.go#L151-L162
# TODO(rramkumar1): https://github.com/kubernetes/ingress-gce/issues/744
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
@@ -55,5 +57,9 @@ rules:
resources: ["backendconfigs"]
verbs: ["get", "list", "watch", "update", "create", "patch"]
- apiGroups: ["networking.gke.io"]
resources: ["servicenetworkendpointgroups"]
resources: ["servicenetworkendpointgroups","gcpingressparams"]
verbs: ["get", "list", "watch", "update", "create", "patch"]
# GLBC creates and updates `networking.k8s.io/IngressClass`
- apiGroups: ["networking.k8s.io"]
resources: ["ingressclasses"]
verbs: ["get", "list", "watch", "update", "create", "patch"]