Commit 170f2ed2, authored Jun 05, 2018 by Adam Harrison
Restrict update permissions on daemonsets
Kured only needs update permissions on its own daemonset.
parent 152534fc
kured-rbac.yaml
...
...
@@ -4,10 +4,6 @@ kind: ClusterRole
metadata
:
name
:
kured
rules
:
# Allow kured to grab it's lock
-
apiGroups
:
[
"
extensions"
]
resources
:
[
"
daemonsets"
]
verbs
:
[
"
get"
,
"
update"
]
# Allow kured to cordon and uncordon nodes
-
apiGroups
:
[
"
"
]
resources
:
[
"
nodes"
]
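Review bot: The daemonsets rule dropped from the ClusterRole here carried `verbs: ["get", "update"]`, but the namespaced Role that replaces it further down in this patch lists only `update`, so nothing visible in this diff still grants `get` on the daemonset. An update is normally preceded by a read of the object, so if kured fetches the daemonset before writing its lock, add `get` to the new Role (under the same `resourceNames: ["kured"]` restriction) or confirm that a rule outside these hunks still provides it. A missing verb would only show up at runtime as a Forbidden error when kured tries to take the lock.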
...
...
@@ -41,3 +37,29 @@ subjects:
-
kind
:
ServiceAccount
name
:
kured
namespace
:
kube-system
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
Role
metadata
:
namespace
:
kube-system
name
:
kured
rules
:
# Allow kured to lock/unlock itself
-
apiGroups
:
[
"
extensions"
]
resources
:
[
"
daemonsets"
]
resourceNames
:
[
"
kured"
]
verbs
:
[
"
update"
]
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
RoleBinding
metadata
:
namespace
:
kube-system
name
:
kured
subjects
:
-
kind
:
ServiceAccount
namespace
:
kube-system
name
:
kured
roleRef
:
apiGroup
:
rbac.authorization.k8s.io
kind
:
Role
name
:
kured
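Review bot: The rule in the new Role only matches a daemonset named exactly `kured` in `kube-system`, because `resourceNames: ["kured"]` and `namespace: kube-system` are both hard-coded, and the manifest does not say that these must track the DaemonSet's own name and namespace. Add a comment above the rule stating that dependency, since an install that renames or relocates the daemonset will silently lose its lock permission rather than fail at apply time. The rule also lists only the `extensions` API group; if the client ever accesses daemonsets through another group such as `apps`, this rule will not match and the group would need to be added here.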