48 lines
993 B
Bash
48 lines
993 B
Bash
#!/bin/sh -x
|
|
|
|
. /etc/sysconfig/heat-params
|
|
|
|
echo "Waiting for Kubernetes API..."
|
|
until curl --silent "http://127.0.0.1:8080/version"
|
|
do
|
|
sleep 5
|
|
done
|
|
|
|
cat <<EOF | kubectl apply --validate=false -f -
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRole
|
|
metadata:
|
|
annotations:
|
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
|
labels:
|
|
kubernetes.io/bootstrapping: rbac-defaults
|
|
name: system:kube-apiserver-to-kubelet
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes/proxy
|
|
- nodes/stats
|
|
- nodes/log
|
|
- nodes/spec
|
|
- nodes/metrics
|
|
verbs:
|
|
- "*"
|
|
EOF
|
|
|
|
cat <<EOF | kubectl apply --validate=false -f -
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: system:kube-apiserver
|
|
namespace: ""
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: system:kube-apiserver-to-kubelet
|
|
subjects:
|
|
- apiGroup: rbac.authorization.k8s.io
|
|
kind: User
|
|
name: kubernetes
|
|
EOF
|