binding group system:nodes to clusterrole calico-role

2026-03-08 11:07:43 +03:00 · 2017-07-07 15:43:48 +08:00
parent c9734b6d7b
commit 2cda982345
5 changed files with 49 additions and 3 deletions
--- a/roles/network_plugin/calico/templates/calico-node-clusterrole.yml
+++ b/roles/network_plugin/calico/templates/calico-node-clusterrole.yml
@@ -0,0 +1,12 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: calico-node
+  namespace: {{ system_namespace }}
+rules:
+  - apiGroups: [""]
+    resources:
+      - pods
+      - nodes
+    verbs:
+      - get
--- a/roles/network_plugin/calico/templates/calico-node-clusterrolebinding.yml
+++ b/roles/network_plugin/calico/templates/calico-node-clusterrolebinding.yml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: calico-node
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: calico-node
+subjects:
+- kind: Group
+  name: system:nodes
+  namespace: kube-system