github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

separate RootCAConfigMap from BoundServiceAccountTokenVolume

Browse Source
This commit is contained in:
Shihang Zhang
2020-11-03 14:35:19 -08:00
parent f75316e294
commit d40f0c43c4
12 changed files with 135 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View File

@@ -402,7 +402,7 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
})
}
if utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) {
if utilfeature.DefaultFeatureGate.Enabled(features.RootCAConfigMap) {
addControllerRole(&controllerRoles, &controllerRoleBindings, rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + "root-ca-cert-publisher"},
Rules: []rbacv1.PolicyRule{