github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d84e4baf9a8e0a0568cdc68d7e7da926986d26be
kubernetes/cluster/addons/cloud-controller-manager/cloud-node-controller-role.yaml
Walter Fender 99156b5bdc Turn on CCM in kube-up when cloudprovider=external 
Currently if we disable cloud provider by the following
CLOUD_PROVIDER_FLAG=external
KUBE_FEATURE_GATES=DisableCloudProviders=true,DisableKubeletCloudCredentialProviders=true
we can no longer schedule workloads due to taints and a lack of
node configuration.
This pulls a CCM image from K/cloud-provider-gcp to run tests.
This is a pre-step for taking the above feature gates to beta.
It does not address the last known good dependency issue.
Specifically the CCM image is built on top of client-go and staging.
However this image will be an "old" verison of those libraries.
So it does not test if those libraries work in the CCM.

Fix shellcheck errors.
Add CCM_FEATURE_GATES for testing.
Switching to extended regex from perl regex.
Adding instrumentation to cluster configuration.
Improved regex to not greedily get key-value pairs.
Fixed issue with error on regex no line match.
Switch credentialprovider version to v1alpha1
2022-11-03 10:38:23 -07:00

213 lines
2.9 KiB
YAML
Raw Blame History

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:cloud-controller-manager
rules:
- apiGroups:
- ""
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- cloud-controller-manager
resources:
- leases
verbs:
- get
- update
- apiGroups:
- ""
resources:
- endpoints
- serviceaccounts
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- update
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- update
- apiGroups:
- "authentication.k8s.io"
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- "*"
resources:
- "*"
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authentication.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- ""
resources:
- namespaces
- configmaps
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:cloud-controller-manager
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- watch
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- cloud-controller-manager
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system::leader-locking-cloud-controller-manager
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- watch
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- cloud-controller-manager
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:controller:cloud-node-controller
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- update
- delete
- patch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- get
- list
- update
- delete
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- pods/status
verbs:
- list
- delete
Reference in New Issue View Git Blame Copy Permalink