ansible: Allow host-provisioner to read root CA
The Kubernetes root CA certificate is stored in a ConfigMap named `kube-root-ca.crt` in every namespace. The _host-provisioner_ needs to be able to read this ConfigMap in order to prepare control plane nodes, as it is used by HAProxy to check the health of the API servers running on each node.pull/74/head
parent
484c17c1d5
commit
36015084c8
|
|
@ -54,6 +54,7 @@ rules:
|
||||||
- get
|
- get
|
||||||
resourceNames:
|
resourceNames:
|
||||||
- cluster-info
|
- cluster-info
|
||||||
|
- kube-root-ca.crt
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue