// ClusterRoleBindings return default rolebindings to the default roles func ClusterRoleBindings() []rbac.ClusterRoleBinding { return []rbac.ClusterRoleBinding{ rbac.NewClusterBinding("cluster-admin").Groups(user.SystemPrivilegedGroup).BindingOrDie(), rbac.NewClusterBinding("system:discovery").Groups(user.AllAuthenticated, user.AllUnauthenticated).BindingOrDie(), rbac.NewClusterBinding("system:basic-user").Groups(user.AllAuthenticated, user.AllUnauthenticated).BindingOrDie(), } }
// ClusterRoleBindings return default rolebindings to the default roles func ClusterRoleBindings() []rbac.ClusterRoleBinding { rolebindings := []rbac.ClusterRoleBinding{ rbac.NewClusterBinding("cluster-admin").Groups(user.SystemPrivilegedGroup).BindingOrDie(), rbac.NewClusterBinding("system:discovery").Groups(user.AllAuthenticated, user.AllUnauthenticated).BindingOrDie(), rbac.NewClusterBinding("system:basic-user").Groups(user.AllAuthenticated, user.AllUnauthenticated).BindingOrDie(), rbac.NewClusterBinding("system:node").Groups(user.NodesGroup).BindingOrDie(), rbac.NewClusterBinding("system:node-proxier").Groups(user.NodesGroup).BindingOrDie(), } addClusterRoleBindingLabel(rolebindings) return rolebindings }
// addControllerRole registers a controller cluster role together with a
// cluster role binding for it.
//
// The role name must begin with saRolePrefix and must not match the name of a
// role already in controllerRoles; either violation is reported through
// glog.Fatalf. On success the role is appended to controllerRoles and a binding
// is appended to controllerRoleBindings. The binding's subject is the service
// account in the "kube-system" namespace whose name is the role name with
// saRolePrefix removed.
func addControllerRole(role rbac.ClusterRole) {
	roleName := role.Name

	if !strings.HasPrefix(roleName, saRolePrefix) {
		glog.Fatalf(`role %q must start with %q`, roleName, saRolePrefix)
	}

	// Reject duplicate registrations so a role is never bound twice.
	for i := range controllerRoles {
		if controllerRoles[i].Name == roleName {
			glog.Fatalf("role %q was already registered", roleName)
		}
	}

	controllerRoles = append(controllerRoles, role)

	// The prefix check above guarantees the prefix is present, so trimming it
	// yields exactly the remainder of the name.
	// NOTE(review): a role named exactly saRolePrefix would produce an empty
	// service-account name. Whether BindingOrDie rejects that is not visible
	// here.
	// NOTE(review): the subject is derived purely from the role name, so the
	// grant goes to whichever service account holds that name in kube-system.
	// Control over who can create service accounts there matters.
	saName := strings.TrimPrefix(roleName, saRolePrefix)
	binding := rbac.NewClusterBinding(roleName).SAs("kube-system", saName).BindingOrDie()
	controllerRoleBindings = append(controllerRoleBindings, binding)
}