Update policy for users to be able to interact with PDB

soltysh · soltysh · commit 34aab1b9832b · 2016-10-21T14:27:39.000+02:00
diff --git a/pkg/cmd/server/bootstrappolicy/policy.go b/pkg/cmd/server/bootstrappolicy/policy.go
@@ -238,6 +238,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 					"replicasets", "replicasets/scale", "deployments", "deployments/scale").RuleOrDie(),
 				authorizationapi.NewRule(read...).Groups(extensionsGroup).Resources("daemonsets").RuleOrDie(),
 
+				authorizationapi.NewRule(readWrite...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(),
+
 				authorizationapi.NewRule(readWrite...).Groups(appsGroup).Resources("petsets").RuleOrDie(),
 
 				authorizationapi.NewRule(readWrite...).Groups(authzGroup).Resources("roles", "rolebindings").RuleOrDie(),
diff --git a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
@@ -555,6 +555,20 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - policy
+    attributeRestrictions: null
+    resources:
+    - poddisruptionbudgets
+    verbs:
+    - create
+    - delete
+    - deletecollection
+    - get
+    - list
+    - patch
+    - update
+    - watch
   - apiGroups:
     - apps
     attributeRestrictions: null
