External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-01-11 10:00:03 -03:30
Code Issues Packages Projects Releases Wiki Activity
kubespray/roles/network_plugin/calico
History
k8s-infra-cherrypick-robot e5a1f68a2c
Update Calico apiserver RBAC for Kubernetes 1.33+ (#12695) 
Add missing RBAC permissions for Calico apiserver to function correctly
with Kubernetes 1.33+

Changes:

1. Add K8s 1.33 ValidatingAdmissionPolicy resources to calico-webhook-reader
   - validatingadmissionpolicies
   - validatingadmissionpolicybindings

Kubernetes 1.33 introduced ValidatingAdmissionPolicy resources (KEP-3488)
that require explicit RBAC permissions. Without these changes, Calico
apiserver on k8s 1.33+ will not work and needless errors are logged

Co-authored-by: rickerc <chris.ricker@gmail.com>
2025-11-14 04:49:38 -08:00
..
files
Add subjectAltName to calico-apiserver certificate (#8907)
2022-06-06 07:38:23 -07:00
handlers
Refactor "multi" handlers to use listen (#10542)
2023-11-08 12:28:30 +01:00
meta
Disable podCIDR allocation from control-plane when using calico (#10639)
2023-12-12 14:38:36 +01:00
rr
Do not use ‘yes/no’ for boolean values (#11472)
2024-08-28 06:30:56 +01:00
tasks
Fixed syntax error in _bgp_config dict (#12258)
2025-07-10 18:43:27 -07:00
templates
Update Calico apiserver RBAC for Kubernetes 1.33+ (#12695)
2025-11-14 04:49:38 -08:00
vars
Calico: add wireguard support for Rocky Linux 9 (#9287)
2022-09-20 00:29:20 -07:00