scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Include admin in super-user group

Browse Source
This commit is contained in:
Jordan Liggitt
2017-01-06 14:15:36 -05:00
parent 3888aca8ab
commit 1fe517e96a
3 changed files with 4 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cluster/addons/e2e-rbac-bindings/admin-binding.yaml
View File

@@ -1,16 +0,0 @@
# something in the kube e2e uses an admin identity to list pods
# TODO figure out what is doing this and ultimately remove this binding
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
name: admin-cluster-admin
labels:
kubernetes.io/cluster-service: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects:
- apiVersion: rbac/v1alpha1
kind: User
name: admin

4
cluster/gce/container-linux/configure-helper.sh
View File

@@ -140,11 +140,11 @@ function create-master-auth {
fi fi
local -r basic_auth_csv="${auth_dir}/basic_auth.csv" local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
echo "${KUBE_PASSWORD},${KUBE_USER},admin" > "${basic_auth_csv}" echo "${KUBE_PASSWORD},${KUBE_USER},admin,system:masters" > "${basic_auth_csv}"
fi fi
local -r known_tokens_csv="${auth_dir}/known_tokens.csv" local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
if [[ ! -e "${known_tokens_csv}" ]]; then if [[ ! -e "${known_tokens_csv}" ]]; then
echo "${KUBE_BEARER_TOKEN},admin,admin" > "${known_tokens_csv}" echo "${KUBE_BEARER_TOKEN},admin,admin,system:masters" > "${known_tokens_csv}"
echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}" echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}"
echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}" echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}"
echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}" echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}"

4
cluster/gce/gci/configure-helper.sh
View File

@@ -207,11 +207,11 @@ function create-master-auth {
fi fi
local -r basic_auth_csv="${auth_dir}/basic_auth.csv" local -r basic_auth_csv="${auth_dir}/basic_auth.csv"
if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then if [[ ! -e "${basic_auth_csv}" && -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
echo "${KUBE_PASSWORD},${KUBE_USER},admin" > "${basic_auth_csv}" echo "${KUBE_PASSWORD},${KUBE_USER},admin,system:masters" > "${basic_auth_csv}"
fi fi
local -r known_tokens_csv="${auth_dir}/known_tokens.csv" local -r known_tokens_csv="${auth_dir}/known_tokens.csv"
if [[ ! -e "${known_tokens_csv}" ]]; then if [[ ! -e "${known_tokens_csv}" ]]; then
echo "${KUBE_BEARER_TOKEN},admin,admin" > "${known_tokens_csv}" echo "${KUBE_BEARER_TOKEN},admin,admin,system:masters" > "${known_tokens_csv}"
echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}" echo "${KUBE_CONTROLLER_MANAGER_TOKEN},system:kube-controller-manager,uid:system:kube-controller-manager" >> "${known_tokens_csv}"
echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}" echo "${KUBELET_TOKEN},system:node:node-name,uid:kubelet,system:nodes" >> "${known_tokens_csv}"
echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}" echo "${KUBE_PROXY_TOKEN},system:kube-proxy,uid:kube_proxy" >> "${known_tokens_csv}"