mirror of https://github.com/kubernetes/kops.git
fix permissions required for NTH Queue Processor
parent
7d936548ca
commit
c2a9bdc515
|
@ -148,11 +148,18 @@ The kOps CLI requires additional IAM permissions to manage the requisite EventBr
|
|||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"events:DeleteRule",
|
||||
"events:ListRules",
|
||||
"events:ListTargetsByRule",
|
||||
"events:ListTagsForResource",
|
||||
"events:PutEvents",
|
||||
"events:PutTargets",
|
||||
"events:RemoveTargets",
|
||||
"sqs:CreateQueue",
|
||||
"sqs:ListQueues",
|
||||
"sqs:DeleteQueue",
|
||||
"sqs:GetQueueAttributes",
|
||||
"sqs:ListQueues",
|
||||
"sqs:ListQueueTags"
|
||||
],
|
||||
"Resource": "*"
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ In 1.21, this feature is behind a feature flag as node role name, labels, taints
|
|||
|
||||
# Required Actions
|
||||
|
||||
* To support [Node Termination Handler's Queue Process mode](/addons/#node-termination-handler), AWS cluster deletion now requires the kops CLI have `sqs:ListQueues` permission regardless of whether or not the addon is used.
|
||||
* To support [Node Termination Handler's Queue Process mode](/addons/#node-termination-handler), AWS cluster deletion now requires the kops CLI have `sqs:ListQueues` and `events:ListRules` permissions regardless of whether or not the addon is used.
|
||||
|
||||
# Deprecations
|
||||
|
||||
|
|
|
@ -48,12 +48,11 @@ func DeleteEventBridgeRule(cloud fi.Cloud, r *resources.Resource) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("error listing targets for EventBridge rule %q: %v", r.Name, err)
|
||||
}
|
||||
|
||||
if len(targets.Targets) > 0 {
|
||||
var ids []*string
|
||||
for _, target := range targets.Targets {
|
||||
ids = append(ids, target.Id)
|
||||
}
|
||||
|
||||
klog.V(2).Infof("Removing EventBridge Targets for rule %q", r.Name)
|
||||
_, err = c.EventBridge().RemoveTargets(&eventbridge.RemoveTargetsInput{
|
||||
Ids: ids,
|
||||
|
@ -62,6 +61,7 @@ func DeleteEventBridgeRule(cloud fi.Cloud, r *resources.Resource) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("error removing targets for EventBridge rule %q: %v", r.Name, err)
|
||||
}
|
||||
}
|
||||
|
||||
klog.V(2).Infof("Deleting EventBridge rule %q", r.Name)
|
||||
request := &eventbridge.DeleteRuleInput{
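Review bot: In the first hunk the `RemoveTargets` response is still discarded (`_, err = c.EventBridge().RemoveTargets(...)`), so a partial failure goes unnoticed. EventBridge reports per-target failures in the output's `FailedEntryCount`/`FailedEntries` and can return a nil error while doing so. The function would then proceed to the `DeleteRule` request and presumably fail there with a less specific message, leaving the rule behind after cluster deletion. Consider keeping the output and checking it before the rule is deleted, e.g. `if resp.FailedEntryCount != nil && *resp.FailedEntryCount > 0 { return fmt.Errorf("error removing targets for EventBridge rule %q: %d entries failed", r.Name, *resp.FailedEntryCount) }`. The body of DeleteEventBridgeRule starts before and continues past the lines shown, so the `ListTargetsByRule` call, and whether it follows `NextToken`, is not visible here.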
|
||||
|
|