Yuvipanda has submitted this change and it was merged.
Change subject: tools: Add kube-system service account to abac
......................................................................
tools: Add kube-system service account to abac
Allows it to read everything. Useful for setting up DNS
Change-Id: Id69ae1f4dff81eaa26a93b22fe93f2a28604a213
---
M modules/k8s/templates/abac.json.erb
1 file changed, 1 insertion(+), 0 deletions(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
diff --git a/modules/k8s/templates/abac.json.erb
b/modules/k8s/templates/abac.json.erb
index 19f6c96..63315c3 100644
--- a/modules/k8s/templates/abac.json.erb
+++ b/modules/k8s/templates/abac.json.erb
@@ -1,5 +1,6 @@
{"readonly": true, "resource": "swaggerapi"}
{"readonly": true, "nonResourcePath": "/api"}
+{"user": "system:serviceaccount:kube-system:default", "readonly": true}
<%- @users.each do |user| -%>
<%- if user['type'] == 'namespaced' -%>
<%- @namespace_allowed_resources.each do |resource| -%>
--
To view, visit https://gerrit.wikimedia.org/r/268050
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id69ae1f4dff81eaa26a93b22fe93f2a28604a213
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
