Commit b2aa6082 authored by Adam Harrison's avatar Adam Harrison
Browse files

Update permissions for kubectl 1.9.6

The permissions required by `kubectl drain` vary from version
to version; this change brings them into line with the one currently
bundled.
parent 170f2ed2
......@@ -4,14 +4,21 @@ kind: ClusterRole
metadata:
name: kured
rules:
# Allow kured to cordon and uncordon nodes
# Allow kured to read spec.unschedulable
# Allow kubectl to drain/uncordon
#
# NB: These permissions are tightly coupled to the bundled version of kubectl; the ones below
# match https://github.com/kubernetes/kubernetes/blob/v1.9.6/pkg/kubectl/cmd/drain.go
#
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "update"]
# Allow kured to drain nodes
verbs: ["get", "patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "delete"]
verbs: ["list"]
- apiGroups: [""]
resources: ["replicationcontrollers"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["statefulsets"]
verbs: ["get"]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment