kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6389 from nak3/eks-tag 

Add permission for CreateTag on ENI to amazon-vpc-cni-k8s
This commit is contained in:
Kubernetes Prow Robot 2019-02-16 04:21:20 -08:00 committed by GitHub
parent f69bbd7a51 bedc944672
commit d9615fcf06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/networking.md
View File

@ -363,6 +363,11 @@ $ kops create cluster \
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
}
```

7
pkg/model/iam/iam_builder.go
View File

@ -877,6 +877,13 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
}),
Resource: resource,
},
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:CreateTags",
}),
Resource: stringorslice.Slice([]string{"arn:aws:ec2:*:*:network-interface/*"}),
},
)
}