Fix node address loading, update RBAC example

CyCoreSystems · Jan 21, 2020 · 699ec00 · 699ec00
1 parent 3b99cc9
commit 699ec00
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/example-daemonset.yaml b/example-daemonset.yaml
@@ -1,11 +1,37 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: node-getter
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: voip-node-getter
+subjects:
+  - kind: User
+    name: system:serviceaccount:voip:default
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: node-getter
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: voip-manager
   namespace: voip
 rules:
   - apiGroups: [""] # "" indicates the core API group
-    resources: ["pods","endpoints","services","nodes"]
+    resources: ["pods","endpoints","services"]
     verbs: ["get", "watch", "list"]
 
 ---

diff --git a/internal/endpoints/endpoints.go b/internal/endpoints/endpoints.go
@@ -40,6 +40,7 @@ func Get(ctx context.Context, c *k8s.Client, epNamespace, epName string) (ret En
 			if err = c.Get(ctx, "", a.GetNodeName(), epNode); err != nil {
 				log.Printf("WARNING: failed to get node %s for endpoint %s: %v", a.GetNodeName(), ep.GetMetadata().GetName(), err)
 			}
+			nodes[a.GetNodeName()] = epNode
 		}
 	}
 

diff --git a/sets/sets.go b/sets/sets.go
@@ -202,11 +202,13 @@ func (s *kubernetesSet) Validate(a string) bool {
 			return true
 		}
 	}
+
 	for _, m := range s.nodeAddresses {
 		if a == m {
 			return true
 		}
 	}
+
 	return false
 }