Update permissions for kubectl 1.9.6

The permissions required by `kubectl drain` vary from version to version; this change brings them into line with the one currently bundled.

Update permissions for kubectl 1.9.6
The permissions required by `kubectl drain` vary from version to version; this change brings them into line with the one currently bundled.
b2aa6082 · Adam Harrison · 170f2ed2 · b2aa6082
Commit b2aa6082 authored Jun 05, 2018 by Adam Harrison
--- a/kured-rbac.yaml
+++ b/kured-rbac.yaml
@@ -4,14 +4,21 @@ kind: ClusterRole
 metadata:
  name: kured
 rules:
-# Allow kured to cordon and uncordon nodes
+# Allow kured to read spec.unschedulable
+# Allow kubectl to drain/uncordon
+#
+# NB: These permissions are tightly coupled to the bundled version of kubectl; the ones below
+# match https://github.com/kubernetes/kubernetes/blob/v1.9.6/pkg/kubectl/cmd/drain.go
+#
 - apiGroups: [""]
  resources: ["nodes"]
-  verbs:     ["get", "update"]
-# Allow kured to drain nodes
+  verbs:     ["get", "patch"]
 - apiGroups: [""]
  resources: ["pods"]
-  verbs:     ["get", "list", "delete"]
+  verbs:     ["list"]
+- apiGroups: [""]
+  resources: ["replicationcontrollers"]
+  verbs:     ["get"]
 - apiGroups: ["apps"]
  resources: ["statefulsets"]
  verbs:     ["get"]