Merge pull request #70 from SomtochiAma/kubeproxy-complete

Adds role for manager
kubernetes-sigs · Jul 9, 2020 · 8a52baa · 8a52baa
2 parents 6953455 + 84f6287
commit 8a52baa
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 1 deletion.
diff --git a/kubeproxy/config/manager/patches/apiserver_endpoint.patch.yaml b/kubeproxy/config/manager/patches/apiserver_endpoint.patch.yaml
@@ -10,6 +10,6 @@ spec:
       - name: manager
         env:
           - name: KUBERNETES_SERVICE_HOST
-            value: "172.17.0.2"
+            value: "172.17.0.3"
           - name: KUBERNETES_SERVICE_PORT
             value: "6443"
diff --git a/kubeproxy/config/rbac/kustomization.yaml b/kubeproxy/config/rbac/kustomization.yaml
@@ -3,6 +3,8 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- manager_role.yaml
+- manager_rolebinding.yaml
 # Comment the following 3 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.

diff --git a/kubeproxy/config/rbac/manager_role.yaml b/kubeproxy/config/rbac/manager_role.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: main-manager-role
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["list", "get", "watch"]
+- apiGroups: [""]
+  resources: ["events", "serviceaccounts"]
+  verbs: ["create", "patch", "update"]
+- apiGroups: ["apps", "extensions"]
+  resources: ["daemonsets"]
+  verbs: ["get", "watch", "list", "create", "patch"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["clusterrolebindings"]
+  verbs: ["get", "watch", "list", "create"]
+- apiGroups: ["app.k8s.io"]
+  resources: ["applications"]
+  verbs: ["get", "watch", "list", "create", "patch"]
+- apiGroups: ["discovery.k8s.io"]
+  resources: ["endpointslices"]
+  verbs: ["list", "watch"]
+- apiGroups: ["events.k8s.io"]
+  resources: ["events"]
+  verbs: ["create", "patch", "update"]
diff --git a/kubeproxy/config/rbac/manager_rolebinding.yaml b/kubeproxy/config/rbac/manager_rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: main-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: main-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: system
diff --git a/kubeproxy/main.go b/kubeproxy/main.go
@@ -57,6 +57,7 @@ func main() {
 		Scheme:             scheme,
 		MetricsBindAddress: metricsAddr,
 		LeaderElection:     enableLeaderElection,
+		LeaderElectionID:   "kubeproxy-operator",
 		Port:               9443,
 	})
 	if err != nil {