Skip to content

Commit

Permalink
Add new RBAC rules for CSIDriver
Browse files Browse the repository at this point in the history 
Nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
  • Loading branch information
@jsafrane @gnufied
jsafrane authored and gnufied committed Sep 6, 2018
1 parent db94508 commit dc6be0c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ func NodeRules() []rbacv1.PolicyRule {
if utilfeature.DefaultFeatureGate.Enabled(features.CSIPersistentVolume) {
volAttachRule := rbacv1helpers.NewRule("get").Groups(storageGroup).Resources("volumeattachments").RuleOrDie()
nodePolicyRules = append(nodePolicyRules, volAttachRule)
if utilfeature.DefaultFeatureGate.Enabled(features.CSISkipAttach) {
if utilfeature.DefaultFeatureGate.Enabled(features.CSISkipAttach) || utilfeature.DefaultFeatureGate.Enabled(features.CSIPodInfo) {
csiDriverRule := rbacv1helpers.NewRule("get", "watch", "list").Groups("csi.storage.k8s.io").Resources("csidrivers").RuleOrDie()
nodePolicyRules = append(nodePolicyRules, csiDriverRule)
}
Expand Down

0 comments on commit dc6be0c

Please sign in to comment.