mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 10:33:35 +00:00
vendor files
This commit is contained in:
Serguei Bezverkhi
16
vendor/k8s.io/kubernetes/cluster/addons/rbac/kubelet-api-auth/kube-apiserver-kubelet-api-admin-binding.yaml
generated
vendored
Normal file
16
vendor/k8s.io/kubernetes/cluster/addons/rbac/kubelet-api-auth/kube-apiserver-kubelet-api-admin-binding.yaml
generated
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
# This binding gives the kube-apiserver user full access to the kubelet API
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kube-apiserver-kubelet-api-admin
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kubelet-api-admin
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: kube-apiserver
|
||||
19
vendor/k8s.io/kubernetes/cluster/addons/rbac/kubelet-api-auth/kubelet-api-admin-role.yaml
generated
vendored
Normal file
19
vendor/k8s.io/kubernetes/cluster/addons/rbac/kubelet-api-auth/kubelet-api-admin-role.yaml
generated
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
# This role allows full access to the kubelet API
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: kubelet-api-admin
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/proxy
|
||||
- nodes/log
|
||||
- nodes/stats
|
||||
- nodes/metrics
|
||||
- nodes/spec
|
||||
verbs:
|
||||
- "*"
|
||||
62
vendor/k8s.io/kubernetes/cluster/addons/rbac/kubelet-cert-rotation/kubelet-certificate-management.yaml
generated
vendored
Normal file
62
vendor/k8s.io/kubernetes/cluster/addons/rbac/kubelet-cert-rotation/kubelet-certificate-management.yaml
generated
vendored
Normal file
@ -0,0 +1,62 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gce:beta:kubelet-certificate-bootstrap
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: gce:beta:kubelet-certificate-bootstrap
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: kubelet
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gce:beta:kubelet-certificate-rotation
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: gce:beta:kubelet-certificate-rotation
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: Group
|
||||
name: system:nodes
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gce:beta:kubelet-certificate-bootstrap
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "certificates.k8s.io"
|
||||
resources:
|
||||
- certificatesigningrequests/nodeclient
|
||||
verbs:
|
||||
- "create"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gce:beta:kubelet-certificate-rotation
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "certificates.k8s.io"
|
||||
resources:
|
||||
- certificatesigningrequests/selfnodeclient
|
||||
- certificatesigningrequests/selfnodeserver
|
||||
verbs:
|
||||
- "create"
|
||||
31
vendor/k8s.io/kubernetes/cluster/addons/rbac/legacy-kubelet-user-disable/kubelet-binding.yaml
generated
vendored
Normal file
31
vendor/k8s.io/kubernetes/cluster/addons/rbac/legacy-kubelet-user-disable/kubelet-binding.yaml
generated
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
# This is required so that old clusters don't remove required bindings for 1.5
|
||||
# kubelets to function.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubelet-cluster-admin
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: EnsureExists
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:node
|
||||
subjects: []
|
||||
---
|
||||
# This is required so that new clusters still have bootstrap permissions
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubelet-bootstrap
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:node-bootstrapper
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: kubelet
|
||||
19
vendor/k8s.io/kubernetes/cluster/addons/rbac/legacy-kubelet-user/kubelet-binding.yaml
generated
vendored
Normal file
19
vendor/k8s.io/kubernetes/cluster/addons/rbac/legacy-kubelet-user/kubelet-binding.yaml
generated
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
# The GKE environments don't have kubelets with certificates that
|
||||
# identify the system:nodes group. They use the kubelet identity
|
||||
# TODO: remove this once new nodes are granted individual identities and the
|
||||
# NodeAuthorizer is enabled.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kubelet-cluster-admin
|
||||
labels:
|
||||
kubernetes.io/cluster-service: "true"
|
||||
addonmanager.kubernetes.io/mode: Reconcile
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:node
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: kubelet
|
||||
Reference in New Issue
Block a user