github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Give apiserver full access to kubelet API

Browse Source
This commit is contained in:
Jordan Liggitt
2017-03-17 17:37:17 -04:00
parent 599539dc0b
commit 87a8c21995
2 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/addons/rbac/apiserver-node-proxy-binding.yaml → cluster/addons/rbac/kube-apiserver-kubelet-api-admin-binding.yaml
View File

@@ -1,14 +1,15 @@
# This binding gives the kube-apiserver user full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: apiserver-node-proxy
name: kube-apiserver-kubelet-api-admin
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: node-proxy
name: kubelet-api-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User

11
cluster/addons/rbac/node-proxy-role.yaml → cluster/addons/rbac/kubelet-api-admin-role.yaml
View File

@@ -1,7 +1,8 @@
# This role allows full access to the kubelet API
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: node-proxy
name: kubelet-api-admin
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
@@ -10,15 +11,9 @@ rules:
- ""
resources:
- nodes/proxy
verbs:
- create
- get
- apiGroups:
- ""
resources:
- nodes/log
- nodes/stats
- nodes/metrics
- nodes/spec
verbs:
- get
- "*"