Commit b2aa6082 authored by Adam Harrison's avatar Adam Harrison
Browse files

Update permissions for kubectl 1.9.6

The permissions required by `kubectl drain` vary from version
to version; this change brings them into line with the one currently
parent 170f2ed2
......@@ -4,14 +4,21 @@ kind: ClusterRole
name: kured
# Allow kured to cordon and uncordon nodes
# Allow kured to read spec.unschedulable
# Allow kubectl to drain/uncordon
# NB: These permissions are tightly coupled to the bundled version of kubectl; the ones below
# match
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "update"]
# Allow kured to drain nodes
verbs: ["get", "patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "delete"]
verbs: ["list"]
- apiGroups: [""]
resources: ["replicationcontrollers"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["get"]
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment