From e80b5fe6b00fa3c1bf51aafc9aa24e27d26f33e3 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Fri, 7 Dec 2018 20:54:17 +0100 Subject: [PATCH] Fix RBAC configuration Signed-off-by: Mikkel Oscar Lyderik Larsen --- docs/rbac.yaml | 52 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 14 deletions(-) diff --git a/docs/rbac.yaml b/docs/rbac.yaml index 72169a4..6bfc7e9 100644 --- a/docs/rbac.yaml +++ b/docs/rbac.yaml @@ -3,9 +3,7 @@ apiVersion: v1 metadata: name: custom-metrics-apiserver namespace: kube-system - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -15,9 +13,17 @@ rules: - custom.metrics.k8s.io resources: ["*"] verbs: ["*"] - --- - +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-metrics-server-resources +rules: +- apiGroups: + - external.metrics.k8s.io + resources: ["*"] + verbs: ["*"] +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -32,14 +38,19 @@ rules: verbs: - get - list - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: custom-metrics-resource-collector rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch - apiGroups: - "" resources: @@ -59,9 +70,15 @@ rules: - ingresses verbs: - get - +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -74,9 +91,20 @@ subjects: - kind: ServiceAccount name: horizontal-pod-autoscaler namespace: kube-system - --- - +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: hpa-controller-external-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-metrics-server-resources +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -90,9 +118,7 @@ subjects: - kind: ServiceAccount name: custom-metrics-apiserver namespace: kube-system - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -105,9 +131,7 @@ subjects: - kind: ServiceAccount name: custom-metrics-apiserver namespace: kube-system - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: