Skip to content

Commit

Permalink
Merge pull request #591 from andrewrynhard/rbac
Browse files Browse the repository at this point in the history 
Add Kubernetes RBAC support
  • Loading branch information
@tomdee
tomdee authored Jan 20, 2017
2 parents 38ea01b + 75ec1fc commit 5c5934e
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 2 deletions.
26 changes: 26 additions & 0 deletions Documentation/kube-flannel-rbac.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# Create the clusterrole:
# $ kubectl create -f kube-flannel-rbac.yml
# Bind the flannel serviceaccount to the flannel clusterrole:
# $ kubectl create clusterrolebinding flannel --clusterrole=flannel --serviceaccount=kube-system:flannel
# Create the pod using the same namespace used by the flannel serviceaccount:
# $ kubectl create --namespace kube-system -f kube-flannel.yml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- update
- watch
8 changes: 6 additions & 2 deletions Documentation/kube-flannel.yml
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
Expand All @@ -28,7 +32,6 @@ apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-system
labels:
tier: node
app: flannel
Expand All @@ -42,6 +45,7 @@ spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: amd64
serviceAccountName: flannel
containers:
- name: kube-flannel
image: quay.io/coreos/flannel-git:v0.6.1-62-g6d631ba-amd64
Expand Down

0 comments on commit 5c5934e

Please sign in to comment.