From 8777410dbb12584249baf04071848184dd508a49 Mon Sep 17 00:00:00 2001
From: Conrad Hoffmann
Date: Thu, 28 Sep 2023 10:27:21 +0200
Subject: [PATCH] Add Coredns service account + RBAC and token
---
coredns/coredns.yaml | 56 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 coredns/coredns.yaml
diff --git a/coredns/coredns.yaml b/coredns/coredns.yaml
new file mode 100644
index 0000000..4645899
--- /dev/null
+++ b/coredns/coredns.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: coredns
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:coredns
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - pods
+ - namespaces
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:coredns
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:coredns
+subjects:
+- kind: ServiceAccount
+ name: coredns
+ namespace: kube-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: coredns-token
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: coredns
+type: kubernetes.io/service-account-token
--
2.45.2
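Review bot: The `coredns-token` Secret at the end of the new file (`type: kubernetes.io/service-account-token`) makes the control plane mint a token for the `coredns` ServiceAccount that has no expiry and stays valid until the Secret or the account is deleted, so anything able to read Secrets in `kube-system` holds a standing credential for the cluster-wide list/watch grant defined above it. No workload is defined in this file, so the token is presumably meant for a CoreDNS instance running outside the cluster; if so, a comment above the Secret should say that and name the rotation procedure, e.g. `# Long-lived token for out-of-cluster CoreDNS; rotate by deleting and re-creating this Secret`. If the consumer can refresh its credentials, a time-bound token from the TokenRequest API (`kubectl create token coredns -n kube-system --duration=<DURATION>`) avoids keeping a non-expiring Secret at all. The `pods` resource in the ClusterRole is, as far as I know, only needed when the kubernetes plugin runs with `pods verified`, so it can probably be dropped otherwise.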