karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1527 from lonelyCZ/pr-proxy-rbac 

Add cluster proxy rbac for admin when deploy Karmada control plane
This commit is contained in:
karmada-bot 2022-03-24 14:29:40 +08:00 committed by GitHub
parent 86649395b9 dba863095e
commit 47eb1cc81a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
artifacts/deploy/cluster-proxy-admin-rbac.yaml Normal file
View File

@ -0,0 +1,26 @@
# This configuration is used to authorize system:admin to proxy member clusters,
# if you don't need it, you can remove it from karmada control plane.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-proxy-admin
rules:
- apiGroups:
- 'cluster.karmada.io'
resources:
- clusters/proxy
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-proxy-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-proxy-admin
subjects:
- kind: User
name: "system:admin"

3
hack/deploy-karmada.sh
View File

@ -227,6 +227,9 @@ kubectl apply -f "${REPO_ROOT}/artifacts/deploy/apiservice.yaml"
# make sure apiservice for v1alpha1.cluster.karmada.io is Available
util::wait_apiservice_ready "${KARMADA_AGGREGATION_APISERVER_LABEL}"
# deploy cluster proxy rbac for admin
kubectl apply -f "${REPO_ROOT}/artifacts/deploy/cluster-proxy-admin-rbac.yaml"
kubectl config use-context "${HOST_CLUSTER_NAME}"
# deploy controller-manager on host cluster