calico: Add node/status in ClusterRole

The upstream docs [0] were missing a parameters for the calico-node ClusterRole. Without it we get: 2020-02-21 11:41:35.762 [ERROR][8] ... User "system:serviceaccount:kube-system:calico-node" cannot patch resource "nodes/status" in API group "" at the cluster scope [0] https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml Needs to be backported to train. story: 2005318 task: 39041 Change-Id: Ib7d3068ee53c08fea32a69c997b6de6477a17f0a Signed-off-by: Spyros Trigazis <strigazi@gmail.com>
2020-03-12 08:07:36 +00:00 · 2020-03-12 08:07:36 +00:00 · 3667164367
parent f0f3bfb16d
commit 3667164367
1 changed files with 5 additions and 0 deletions
--- a/magnum/drivers/common/templates/kubernetes/fragments/calico-service.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/calico-service.sh
@ -38,6 +38,11 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
  name: calico-node
 rules:
+  - apiGroups: [""]
+    resources:
+      - nodes/status
+    verbs:
+      - patch
  - apiGroups: [""]
    resources:
      - namespaces