From 04334eb18e10dd601b39d7d17a53e871f1776acf Mon Sep 17 00:00:00 2001 From: Wei Huang Date: Sun, 9 Jan 2022 19:33:23 -0800 Subject: [PATCH] install: create a RoleBinding for obtain delegated authentication --- .../as-a-second-scheduler/templates/rbac.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/manifests/install/charts/as-a-second-scheduler/templates/rbac.yaml b/manifests/install/charts/as-a-second-scheduler/templates/rbac.yaml index 0ca14b36a..61c2a2125 100644 --- a/manifests/install/charts/as-a-second-scheduler/templates/rbac.yaml +++ b/manifests/install/charts/as-a-second-scheduler/templates/rbac.yaml @@ -97,4 +97,21 @@ roleRef: kind: ClusterRole name: scheduler-plugins-controller apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: sched-plugins::extension-apiserver-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: {{ .Values.scheduler.name }} + namespace: {{ .Values.scheduler.namespace }} +- kind: ServiceAccount + name: {{ .Values.controller.name }} + namespace: {{ .Values.controller.namespace }}