Fix Cilium permissions (#5923)
* added required permissions for querying endpointslice resources * copy-pasted role permissions from cilium install manifests * bumped cilium version to v1.7.2
@ -80,7 +80,7 @@ cni_version: "v0.8.5"
|
|||||||
weave_version: 2.5.2
|
weave_version: 2.5.2
|
||||||
pod_infra_version: 3.1
|
pod_infra_version: 3.1
|
||||||
contiv_version: 1.2.1
|
contiv_version: 1.2.1
|
||||||
cilium_version: "v1.7.1"
|
cilium_version: "v1.7.2"
|
||||||
kube_ovn_version: "v0.6.0"
|
kube_ovn_version: "v0.6.0"
|
||||||
kube_router_version: "v0.4.0"
|
kube_router_version: "v0.4.0"
|
||||||
multus_version: "v3.4.1"
|
multus_version: "v3.4.1"
|
||||||
|
@ -4,13 +4,6 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: cilium-operator
|
name: cilium-operator
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
# to get k8s version and status
|
|
||||||
- componentstatuses
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
@ -22,6 +15,14 @@ rules:
|
|||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
- delete
|
- delete
|
||||||
|
- apiGroups:
|
||||||
|
- discovery.k8s.io
|
||||||
|
resources:
|
||||||
|
- endpointslices
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
@ -32,6 +33,8 @@ rules:
|
|||||||
# to perform the translation of a CNP that contains `ToGroup` to its endpoints
|
# to perform the translation of a CNP that contains `ToGroup` to its endpoints
|
||||||
- services
|
- services
|
||||||
- endpoints
|
- endpoints
|
||||||
|
# to check apiserver connectivity
|
||||||
|
- namespaces
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
@ -41,6 +44,8 @@ rules:
|
|||||||
resources:
|
resources:
|
||||||
- ciliumnetworkpolicies
|
- ciliumnetworkpolicies
|
||||||
- ciliumnetworkpolicies/status
|
- ciliumnetworkpolicies/status
|
||||||
|
- ciliumclusterwidenetworkpolicies
|
||||||
|
- ciliumclusterwidenetworkpolicies/status
|
||||||
- ciliumendpoints
|
- ciliumendpoints
|
||||||
- ciliumendpoints/status
|
- ciliumendpoints/status
|
||||||
- ciliumnodes
|
- ciliumnodes
|
||||||
@ -63,6 +68,14 @@ rules:
|
|||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- discovery.k8s.io
|
||||||
|
resources:
|
||||||
|
- endpointslices
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
@ -94,7 +107,6 @@ rules:
|
|||||||
- apiGroups:
|
- apiGroups:
|
||||||
- apiextensions.k8s.io
|
- apiextensions.k8s.io
|
||||||
resources:
|
resources:
|
||||||
- ingresses
|
|
||||||
- customresourcedefinitions
|
- customresourcedefinitions
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
|
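Review bot: The two new `discovery.k8s.io` / `endpointslices` rules (new lines 15 and 68) carry no comment, unlike the neighbouring grants that state their purpose (`# to check apiserver connectivity`), and nothing in the file records which upstream manifest the permissions were copied from. I would add `# to query endpointslice resources` above each `- endpointslices` entry, plus a header comment naming the Cilium release whose install manifest was the source, so the next version bump can be diffed against upstream instead of re-copied by hand. The rule that gains `ciliumclusterwidenetworkpolicies` and its `/status` (new line 44) has its verbs outside the hunk; if they are broader than read, it is worth confirming that write access to cluster-wide policy objects is intended for this role and matches upstream. The endpointslices grants are limited to get/list/watch, and the removal of `ingresses` from the `apiextensions.k8s.io` rule narrows the role, which is the right direction.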