kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add permission for CreateTag on ENI to amazon-vpc-cni-k8s 

Although amazon-vpc-cni-k8s adds tag to ENI, kops does not add the
permission. Hence it does not work by default.

This patch adds the permission for CreateTag on ENI to
amazon-vpc-cni-k8s's nodes policy.
This commit is contained in:
Kenjiro Nakayama 2019-01-24 18:25:37 +09:00
parent ea420dac78
commit 92689c51c6
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/model/iam/iam_builder.go
View File

@ -877,6 +877,13 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
}),
Resource: resource,
},
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:CreateTags",
}),
Resource: stringorslice.Slice([]string{"arn:aws:ec2:*:*:network-interface/*"}),
},
)
}