Skip to content

Commit

Permalink
fixes planetlabs#92: rbac modifications for permission issues
Browse files Browse the repository at this point in the history
  • Loading branch information
bilalcaliskan committed May 14, 2021
1 parent 9d39b53 commit a98a4b8
Showing 1 changed file with 32 additions and 19 deletions.
51 changes: 32 additions & 19 deletions manifest.yml
Original file line number Diff line number Diff line change
@@ -1,36 +1,47 @@
---

apiVersion: v1
kind: ServiceAccount
metadata:
labels: {component: draino}
name: draino
namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {component: draino}
labels:
component: draino
name: draino
rules:
- apiGroups: ['']
resources: [events]
verbs: [create, patch, update]
- apiGroups: ['']
resources: [nodes]
verbs: [get, watch, list, update]
- apiGroups: ['']
resources: [nodes/status]
verbs: [patch]
- apiGroups: ['']
resources: [pods]
verbs: [get, watch, list]
- apiGroups: ['']
resources: [pods/eviction]
verbs: [create]
- apiGroups: [extensions]
resources: [daemonsets]
verbs: [get, watch, list]
- apiGroups: ['']
resources: [events]
verbs: [create, patch, update]
- apiGroups: ['']
resources: [nodes]
verbs: [get, watch, list, update, patch]
- apiGroups: ['']
resources: [nodes/status]
verbs: [get, watch, list, update, patch]
- apiGroups: ['']
resources: [endpoints]
verbs: [get, watch, list, create, patch, update]
- apiGroups: ['']
resources: [pods]
verbs: [get, watch, list]
- apiGroups: ['']
resources: [pods/eviction]
verbs: [create]
- apiGroups:
- extensions
- apps
resources: [daemonsets]
verbs: [get, watch, list]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
Expand All @@ -39,7 +50,9 @@ metadata:
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: draino}
subjects:
- {kind: ServiceAccount, name: draino, namespace: kube-system}

---

apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down

0 comments on commit a98a4b8

Please sign in to comment.