richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7851 Commits
34 Branches
82 Tags
155 MiB
Tree: ebdc599b05
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ebdc599b05'
${ noResults }
kubespray/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2

110 lines
2.2 KiB
Raw Normal View History

Add RBAC support for canal (#1604) Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
7 years ago
update rbac.authorization.k8s.io to non deprecated api-groups (#5517)
4 years ago
Add RBAC support for canal (#1604) Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
7 years ago
update calico to 2.6.2 (#1874) Move RS to deployment so no need to take care of the revision history limits : - Delete the old RS - Make Calico manifest a deployment - move deployments to apps/v1beta2 API since Kubernetes 1.8
7 years ago
Stop templating kube-system namespace and creating it (#2545) Kubernetes makes this namespace automatically, so there is no need for kubespray to manage it.
7 years ago
Add RBAC support for canal (#1604) Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
7 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
Add RBAC support for canal (#1604) Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
7 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
serviceaccounts is required in resources list of cluster role (#3455)
6 years ago
Add RBAC support for canal (#1604) Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
7 years ago
fix(calico): add missing "get" verb (#8847) Signed-off-by: irizzant <i.rizzante@gmail.com>
2 years ago
Add missing RBAC rule #6116 (#6121)
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
serviceaccounts is required in resources list of cluster role (#3455)
6 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
Calico: add missing verbs in ClusterRole (#8136)
3 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
Calico: add dependencies for 3.21.x (#8250)
3 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
add missing verbs (#9032)
2 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
Calico: update crds to v1 and cr (#6360) * Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1 * Align ClusterRole for kube-controllers with upstream (calico)
4 years ago
Fixes issue #7573 - Made Calico permissions compatible with v3.18.x (see https://github.com/projectcalico/calico/issues/4557). Specifically, granted watch to custom resources blockaffinities, ipamblocks & ipamhandles (#7575)
3 years ago
Calico: update crds to v1 and cr (#6360) * Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1 * Align ClusterRole for kube-controllers with upstream (calico)
4 years ago
Patch Calico for V3.14.0 missing CR and CRD (#6276)
4 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
add missing verbs (#9032)
2 years ago
Add calico 3.7.3 support (#4953) * Add calico 3.7.3 support * add calico_datastore variable to policy controller role * add missing clusterrole rules for calico policy controller * disable calico kube controller when kdd mode is used for versions < 3.6
5 years ago
add missing verbs (#9032)
2 years ago
Patch Calico for V3.14.0 missing CR and CRD (#6276)
4 years ago
  1. ---
  2. kind: ClusterRole
  3. apiVersion: rbac.authorization.k8s.io/v1
  4. metadata:
  5. name: calico-kube-controllers
  6. namespace: kube-system
  7. rules:
  8. {% if calico_datastore == "etcd" %}
  9. - apiGroups:
  10. - ""
  11. - extensions
  12. resources:
  13. - pods
  14. - namespaces
  15. - networkpolicies
  16. - nodes
  17. - serviceaccounts
  18. verbs:
  19. - watch
  20. - list
  21. - get
  22. - apiGroups:
  23. - ""
  24. resources:
  25. - nodes
  26. verbs:
  27. - get
  28. - apiGroups:
  29. - networking.k8s.io
  30. resources:
  31. - networkpolicies
  32. verbs:
  33. - watch
  34. - list
  35. {% elif calico_datastore == "kdd" %}
  36. # Nodes are watched to monitor for deletions.
  37. - apiGroups: [""]
  38. resources:
  39. - nodes
  40. verbs:
  41. - watch
  42. - list
  43. - get
  44. # Pods are queried to check for existence.
  45. - apiGroups: [""]
  46. resources:
  47. - pods
  48. verbs:
  49. - watch
  50. - list
  51. - get
  52. # IPAM resources are manipulated when nodes are deleted.
  53. - apiGroups: ["crd.projectcalico.org"]
  54. resources:
  55. - ipreservations
  56. verbs:
  57. - list
  58. # Pools are watched to maintain a mapping of blocks to IP pools.
  59. - apiGroups: ["crd.projectcalico.org"]
  60. resources:
  61. - ippools
  62. verbs:
  63. - list
  64. - watch
  65. - apiGroups: ["crd.projectcalico.org"]
  66. resources:
  67. - blockaffinities
  68. - ipamblocks
  69. - ipamhandles
  70. verbs:
  71. - get
  72. - list
  73. - create
  74. - update
  75. - delete
  76. - watch
  77. # kube-controllers manages hostendpoints.
  78. - apiGroups: ["crd.projectcalico.org"]
  79. resources:
  80. - hostendpoints
  81. verbs:
  82. - get
  83. - list
  84. - create
  85. - update
  86. - delete
  87. # Needs access to update clusterinformations.
  88. - apiGroups: ["crd.projectcalico.org"]
  89. resources:
  90. - clusterinformations
  91. verbs:
  92. - get
  93. - list
  94. - create
  95. - update
  96. - watch
  97. # KubeControllersConfiguration is where it gets its config
  98. - apiGroups: ["crd.projectcalico.org"]
  99. resources:
  100. - kubecontrollersconfigurations
  101. verbs:
  102. # read its own config
  103. - get
  104. # create a default if none exists
  105. - create
  106. # update status
  107. - update
  108. # watch for changes
  109. - watch
  110. {% endif %}