Skip to content

Commit

Permalink
Merge pull request #2151 from estroz/bugfix/leader-election-split-rules
Browse files Browse the repository at this point in the history 
🐛 (go/v3) moved leases.coordination.k8s.io to its own proxy-role rule
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot committed Apr 19, 2021
2 parents 698ff24 + 467e672 commit e6f3a70
Show file tree
Hide file tree
Showing 15 changed files with 115 additions and 35 deletions.
6 changes: 4 additions & 2 deletions ...ns/common/kustomize/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
`
12 changes: 8 additions & 4 deletions pkg/plugins/common/kustomize/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,12 +45,16 @@ kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs: ["create"]
verbs:
- create
`
12 changes: 11 additions & 1 deletion ...gins/common/kustomize/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,19 @@ metadata:
rules:
- apiGroups:
- ""
- coordination.k8s.io
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
Expand Down
6 changes: 4 additions & 2 deletions testdata/project-v3-addon/config/rbac/auth_proxy_client_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,7 @@ kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
12 changes: 8 additions & 4 deletions testdata/project-v3-addon/config/rbac/auth_proxy_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,15 @@ kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs: ["create"]
verbs:
- create
12 changes: 11 additions & 1 deletion testdata/project-v3-addon/config/rbac/leader_election_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,19 @@ metadata:
rules:
- apiGroups:
- ""
- coordination.k8s.io
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
Expand Down
6 changes: 4 additions & 2 deletions testdata/project-v3-config/config/rbac/auth_proxy_client_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,7 @@ kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
12 changes: 8 additions & 4 deletions testdata/project-v3-config/config/rbac/auth_proxy_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,15 @@ kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs: ["create"]
verbs:
- create
12 changes: 11 additions & 1 deletion testdata/project-v3-config/config/rbac/leader_election_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,19 @@ metadata:
rules:
- apiGroups:
- ""
- coordination.k8s.io
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
Expand Down
6 changes: 4 additions & 2 deletions testdata/project-v3-multigroup/config/rbac/auth_proxy_client_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,7 @@ kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
12 changes: 8 additions & 4 deletions testdata/project-v3-multigroup/config/rbac/auth_proxy_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,15 @@ kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs: ["create"]
verbs:
- create
12 changes: 11 additions & 1 deletion testdata/project-v3-multigroup/config/rbac/leader_election_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,19 @@ metadata:
rules:
- apiGroups:
- ""
- coordination.k8s.io
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
Expand Down
6 changes: 4 additions & 2 deletions testdata/project-v3/config/rbac/auth_proxy_client_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,7 @@ kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
12 changes: 8 additions & 4 deletions testdata/project-v3/config/rbac/auth_proxy_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,15 @@ kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs: ["create"]
verbs:
- create
12 changes: 11 additions & 1 deletion testdata/project-v3/config/rbac/leader_election_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,19 @@ metadata:
rules:
- apiGroups:
- ""
- coordination.k8s.io
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
Expand Down

0 comments on commit e6f3a70

Please sign in to comment.