Merge pull request #12641 from hakman/kops-controller_ipam_perms

Allow kops-controller to describe network interfaces
Kubernetes Prow Robot 2021-10-29 21:34:14 -07:00 committed by GitHub
commit fce557c72b
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 16 additions and 0 deletions


@ -326,6 +326,10 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
addEtcdManagerPermissions(p)
b.addNodeupPermissions(p, false)
if b.Cluster.Spec.IsKopsControllerIPAM() {
addKopsControllerIPAMPermissions(p)
}
var err error
if p, err = b.AddS3Permissions(p); err != nil {
return nil, fmt.Errorf("failed to generate AWS IAM S3 access statements: %v", err)
@ -775,6 +779,12 @@ func (b *PolicyBuilder) addNodeupPermissions(p *Policy, enableHookSupport bool)
}
}
func addKopsControllerIPAMPermissions(p *Policy) {
p.unconditionalAction.Insert(
"ec2:DescribeNetworkInterfaces",
)
}
func addEtcdManagerPermissions(p *Policy) {
p.unconditionalAction.Insert(
"ec2:DescribeVolumes", // aws.go
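Review bot: `addKopsControllerIPAMPermissions` is added without a doc comment, and its one action has no trailing note naming the consumer, whereas `ec2:DescribeVolumes` just below carries `// aws.go`. The action goes into `unconditionalAction` on the policy built by `NodeRoleMaster.BuildAWSPolicy`, so a comment recording why it is unconditional would help later least-privilege reviews, for example `// addKopsControllerIPAMPermissions grants the read-only EC2 call kops-controller needs for IPAM; EC2 Describe* actions cannot be scoped to a resource.` The grant is gated on `IsKopsControllerIPAM()`, which keeps it out of clusters that do not use the feature. It presumably still lands on the control-plane instance role rather than a kops-controller-specific identity, so it is worth confirming that any workload able to use that role's credentials is meant to be able to list ENIs. The body of `addEtcdManagerPermissions` continues outside the hunk.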


@ -1295,6 +1295,7 @@
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",


@ -152,6 +152,7 @@
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",


@ -1281,6 +1281,7 @@
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",


@ -152,6 +152,7 @@
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",


@ -1281,6 +1281,7 @@
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",


@ -152,6 +152,7 @@
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",