File tree Expand file tree Collapse file tree
manifests/machineconfigcontroller Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : rbac.authorization.k8s.io/v1
3+ kind : ClusterRole
4+ metadata :
5+ name : node-credential-providers
6+ rules :
7+ - apiGroups : [""]
8+ resources : ["serviceaccounts"]
9+ verbs : ["get", "list"]
10+ - apiGroups : [""]
11+ resources : ["*"]
12+ verbs : ["request-serviceaccounts-token-audience"]
13+ ---
14+ apiVersion : rbac.authorization.k8s.io/v1
15+ kind : ClusterRoleBinding
16+ metadata :
17+ name : node-credential-providers-binding
18+ roleRef :
19+ apiGroup : rbac.authorization.k8s.io
20+ kind : ClusterRole
21+ name : node-credential-providers
22+ subjects :
23+ - apiGroup : rbac.authorization.k8s.io
24+ kind : Group
25+ # Required for each node, is there a better way to do this?
26+ name : system:nodes
Original file line number Diff line number Diff line change @@ -108,6 +108,18 @@ var (
108108 },
109109 },
110110 },
111+ // Add default policy for KubernetesCredentialProvidersDir
112+ {
113+ Path : constants .KubernetesCredentialProvidersDir ,
114+ Actions : []opv1.NodeDisruptionPolicyStatusAction {
115+ {
116+ Type : opv1 .RestartStatusAction ,
117+ Restart : & opv1.RestartService {
118+ ServiceName : "kubelet.service" ,
119+ },
120+ },
121+ },
122+ },
111123 },
112124 SSHKey : opv1.NodeDisruptionPolicyStatusSSHKey {
113125 Actions : []opv1.NodeDisruptionPolicyStatusAction {
You can’t perform that action at this time.
0 commit comments