groundnuty
4/4/2017 - 7:20 AM
helm 2.2.3 fix for kubernetes 1.6 rbac
helm 2.2.3 fix for kubernetes 1.6 rbac
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: default-readonly-role
rules:
- verbs: ["get"]
nonResourceURLs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kubelet-role
rules:
- apiGroups: ["*"]
resources:
- configmaps
- persistentvolumes
- persistentvolumeclaims
- secrets
- services
- healthz
verbs: ["get", "watch", "list"]
- apiGroups: ["*"]
resources:
- events
- nodes
- nodes/status
- pods
- pods/status
verbs: ["*"]
- verbs: ["*"]
nonResourceURLs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kube-system-admin
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: default-readonly-role-binding
subjects:
- kind: User
name: "*"
roleRef:
kind: ClusterRole
name: default-readonly-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kubelet-role-binding
subjects:
- kind: User
name: kubelet
roleRef:
kind: ClusterRole
name: kubelet-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kube-system-service-account-role-binding
subjects:
- kind: ServiceAccount
name: default
namespace: kube-system
roleRef:
kind: ClusterRole
name: kube-system-admin
apiGroup: rbac.authorization.k8s.io