mirror of https://github.com/kubernetes/kops.git
Grant kubelets system:node role in 1.8
This is an interim measure until we fully support the NodeAuthorizer and dynamic kubelet bootstrapping. Issue #3551
This commit is contained in:
Justin Santa Barbara
parent
d550332183
commit
4bd997496d
26
ROADMAP.md
26
ROADMAP.md
|
|
@ -1,5 +1,29 @@
|
||||||
# ROADMAP
|
# ROADMAP
|
||||||
|
|
||||||
|
# 1.9
|
||||||
|
|
||||||
|
## Must-have features
|
||||||
|
|
||||||
|
* Support for k8s 1.9
|
||||||
|
|
||||||
|
## Other features
|
||||||
|
|
||||||
|
* Use NodeAuthorizer / bootstrap kubeconfigs [#3551](https://github.com/kubernetes/kops/issues/3551)
|
||||||
|
|
||||||
|
|
||||||
|
# HISTORICAL
|
||||||
|
|
||||||
|
# 1.8
|
||||||
|
|
||||||
|
## Must-have features
|
||||||
|
|
||||||
|
* Support for k8s 1.8
|
||||||
|
|
||||||
|
## Other features
|
||||||
|
|
||||||
|
* Improved GCE support
|
||||||
|
* Support for API aggregation
|
||||||
|
|
||||||
# 1.7
|
# 1.7
|
||||||
|
|
||||||
## Must-have features
|
## Must-have features
|
||||||
|
|
@ -18,8 +42,6 @@
|
||||||
* RBAC policies for all components
|
* RBAC policies for all components
|
||||||
* bringing rolling-update out of alpha
|
* bringing rolling-update out of alpha
|
||||||
|
|
||||||
# HISTORICAL
|
|
||||||
|
|
||||||
## 1.6
|
## 1.6
|
||||||
|
|
||||||
### Must-have features
|
### Must-have features
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Source: https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/rbac/kubelet-binding.yaml
|
||||||
|
# The GKE environments don't have kubelets with certificates that
|
||||||
|
# identify the system:nodes group. They use the kubelet identity
|
||||||
|
# TODO: remove this once new nodes are granted individual identities and the
|
||||||
|
# NodeAuthorizer is enabled.
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: kubelet-cluster-admin
|
||||||
|
labels:
|
||||||
|
k8s-addon: rbac.addons.k8s.io
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
addonmanager.kubernetes.io/mode: Reconcile
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:node
|
||||||
|
subjects:
|
||||||
|
- apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: User
|
||||||
|
name: kubelet
|
||||||
|
|
@ -149,6 +149,26 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
key := "rbac.addons.k8s.io"
|
||||||
|
version := "1.8.0"
|
||||||
|
|
||||||
|
{
|
||||||
|
location := key + "/k8s-1.8.yaml"
|
||||||
|
id := "k8s-1.8"
|
||||||
|
|
||||||
|
addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
|
||||||
|
Name: fi.String(key),
|
||||||
|
Version: fi.String(version),
|
||||||
|
Selector: map[string]string{"k8s-addon": key},
|
||||||
|
Manifest: fi.String(location),
|
||||||
|
KubernetesVersion: ">=1.8.0",
|
||||||
|
Id: id,
|
||||||
|
})
|
||||||
|
manifests[key+"-"+id] = "addons/" + location
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
key := "limit-range.addons.k8s.io"
|
key := "limit-range.addons.k8s.io"
|
||||||
version := "1.5.0"
|
version := "1.5.0"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue