Sebastian
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
19 additions and
0 deletions
-
roles/network_plugin/cilium/templates/cilium-cr.yml.j2
|
|
|
@ -69,6 +69,25 @@ rules: |
|
|
|
- get |
|
|
|
- list |
|
|
|
- watch |
|
|
|
{% if cilium_version | regex_replace('v') is version('1.8', '>=') %} |
|
|
|
# For cilium-operator running in HA mode. |
|
|
|
# |
|
|
|
# Cilium operator running in HA mode requires the use of ResourceLock for Leader Election |
|
|
|
# between mulitple running instances. |
|
|
|
# The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less |
|
|
|
# common and fewer objects in the cluster watch "all Leases". |
|
|
|
# The support for leases was introduced in coordination.k8s.io/v1 during Kubernetes 1.14 release. |
|
|
|
# In Cilium we currently don't support HA mode for K8s version < 1.14. This condition make sure |
|
|
|
# that we only authorize access to leases resources in supported K8s versions. |
|
|
|
- apiGroups: |
|
|
|
- coordination.k8s.io |
|
|
|
resources: |
|
|
|
- leases |
|
|
|
verbs: |
|
|
|
- create |
|
|
|
- get |
|
|
|
- update |
|
|
|
{% endif %} |
|
|
|
--- |
|
|
|
apiVersion: rbac.authorization.k8s.io/v1 |
|
|
|
kind: ClusterRole |
|
|
|
|
