add pdb policy rbac

2025-01-04 20:56:34 -06:00 · 2025-01-04 20:56:34 -06:00 · 8eba7e23b9
commit 8eba7e23b9
parent c9183959bd
2 changed files with 22 additions and 0 deletions
--- a/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml
@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
+  - ./rbac.yaml
--- a/kubernetes/apps/kube-system/descheduler/app/rbac.yaml
+++ b/kubernetes/apps/kube-system/descheduler/app/rbac.yaml
@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: descheduler-pdb-reader
+rules:
+- apiGroups: ["policy"]
+  resources: ["poddisruptionbudgets"]
+  verbs: ["list", "get", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: descheduler-pdb-reader
+subjects:
+- kind: ServiceAccount
+  name: descheduler
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: descheduler-pdb-reader
+  apiGroup: rbac.authorization.k8s.io