Move cluster roles and system namespace to new role

This should be done after kubeconfig is set for admin and before network plugins are up.
2026-02-28 09:39:12 +03:00 · 2017-10-26 09:10:33 +01:00
parent 86fb669fd3
commit ec53b8b66a
10 changed files with 64 additions and 48 deletions
--- a/roles/kubernetes-apps/cluster_roles/templates/namespace.j2
+++ b/roles/kubernetes-apps/cluster_roles/templates/namespace.j2
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "{{system_namespace}}"
--- a/roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2
+++ b/roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2
@@ -0,0 +1,17 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:node
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:node
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:nodes