kops/aws-cloud-controller.addons.k8s.io at 07ee0c220697a43e5ef7af27131326273e0109f4 - kops

History

Nick Turner 0239dc1f63 Permission to create servcice account tokens * We need the ability to create service account token because this is required by clientbuilder/controller-manager framework which we will be using in 1.21. * This is required for the CCM to use 1 SA per controller, which follows principle of least privilege and makes audit logs easier to understand * Restricts token creation to resource names "node-controller", "service-controller", and "route-controller".	2021-05-13 14:16:59 -07:00
..
k8s-1.18.yaml.template	Permission to create servcice account tokens	2021-05-13 14:16:59 -07:00

Nick Turner 0239dc1f63 Permission to create servcice account tokens

* We need the ability to create service account token
  because this is required by clientbuilder/controller-manager
  framework which we will be using in 1.21.
* This is required for the CCM to use 1 SA per controller, which
  follows principle of least privilege and makes audit logs easier
  to understand
* Restricts token creation to resource names "node-controller",
  "service-controller", and "route-controller".

2021-05-13 14:16:59 -07:00

k8s-1.18.yaml.template

Permission to create servcice account tokens

2021-05-13 14:16:59 -07:00