Added ClusterRoleBinding for configmap.

kelseyhightower · Aug 22, 2017 · f6070b1 · f6070b1
1 parent 2645c93
commit f6070b1
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/docs/deploy-envoy-initializer.md b/docs/deploy-envoy-initializer.md
@@ -20,6 +20,14 @@ The Envoy Initializer is configured using a ConfigMap, identified by the `-confi
 kubectl apply -f configmaps/envoy-initializer.yaml
 ```
 
+### Create the ClusterRoleBinding
+
+The `ClusterRoleBinding` is needed to make sure the user `system:serviceaccount:default:default` have permission to get data from configmap `envoy-initializer`. 
+
+```
+kubectl apply -f rbac/bindings.yaml
+```
+
 ### Create the Envoy Initializer Deployment
 
 Deploy the `envoy-initializer` controller:

diff --git a/rbac/bindings.yaml b/rbac/bindings.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-admin-for-configmap
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: system:serviceaccount:default:default