From 66fc9ba384f203a85779079ebb007bed3d686f04 Mon Sep 17 00:00:00 2001 From: Jason Stangroome Date: Fri, 23 Mar 2018 10:21:43 +1100 Subject: [PATCH 1/2] Add kube-dns ServiceAccount --- deploy/addons/kube-dns/kube-dns-account.yaml | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 deploy/addons/kube-dns/kube-dns-account.yaml diff --git a/deploy/addons/kube-dns/kube-dns-account.yaml b/deploy/addons/kube-dns/kube-dns-account.yaml new file mode 100644 index 000000000000..70d9af1a948f --- /dev/null +++ b/deploy/addons/kube-dns/kube-dns-account.yaml @@ -0,0 +1,22 @@ +# Copyright 2016 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-dns + namespace: kube-system + labels: + addonmanager.kubernetes.io/mode: EnsureExists + From 9594bd3ebee5dc396259e314380f36b0e5c022b6 Mon Sep 17 00:00:00 2001 From: Jason Stangroome Date: Fri, 23 Mar 2018 10:24:09 +1100 Subject: [PATCH 2/2] Use kube-dns ServiceAccount to improve RBAC support --- deploy/addons/kube-dns/kube-dns-controller.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/addons/kube-dns/kube-dns-controller.yaml b/deploy/addons/kube-dns/kube-dns-controller.yaml index aa625ecd5d15..01c220eaec2c 100644 --- a/deploy/addons/kube-dns/kube-dns-controller.yaml +++ b/deploy/addons/kube-dns/kube-dns-controller.yaml @@ -34,6 +34,7 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: + serviceAccount: kube-dns tolerations: - key: "CriticalAddonsOnly" operator: "Exists"