fix: coredns 1.8.4 rbac settings

2021-09-23 16:47:35 +08:00 · 2021-09-23 16:47:35 +08:00 · 785356eba0
parent 4894a3c56e
commit 785356eba0
1 changed files with 9 additions and 11 deletions
--- a/roles/cluster-addon/templates/dns/coredns.yaml.j2
+++ b/roles/cluster-addon/templates/dns/coredns.yaml.j2
@ -22,11 +22,12 @@ rules:
  - list
  - watch
 - apiGroups:
-  - ""
+  - discovery.k8s.io
  resources:
-  - nodes
+  - endpointslices
  verbs:
-  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@ -94,11 +95,13 @@ spec:
      labels:
        k8s-app: kube-dns
    spec:
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      nodeSelector:
+        kubernetes.io/os: linux
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
@ -110,11 +113,6 @@ spec:
                    operator: In
                    values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
-      tolerations:
-        - key: "CriticalAddonsOnly"
-          operator: "Exists"
-      nodeSelector:
-        kubernetes.io/os: linux
      containers:
      - name: coredns
        image: coredns/coredns:{{ corednsVer }}