|
73 | 73 | SuggestedFlowSchemaSystemNodeHigh, // references "node-high" priority-level |
74 | 74 | SuggestedFlowSchemaProbes, // references "exempt" priority-level |
75 | 75 | SuggestedFlowSchemaSystemLeaderElection, // references "leader-election" priority-level |
76 | | - SuggestedFlowSchemaWorkloadLeaderElection, // references "leader-election" priority-level |
77 | | - SuggestedFlowSchemaEndpointsController, // references "workload-high" priority-level |
78 | 76 | SuggestedFlowSchemaKubeControllerManager, // references "workload-high" priority-level |
79 | 77 | SuggestedFlowSchemaKubeScheduler, // references "workload-high" priority-level |
80 | 78 | SuggestedFlowSchemaKubeSystemServiceAccounts, // references "workload-high" priority-level |
@@ -310,52 +308,6 @@ var ( |
310 | 308 | }, |
311 | 309 | }, |
312 | 310 | ) |
313 | | - // We add an explicit rule for endpoint-controller with high precedence |
314 | | - // to ensure that those calls won't get caught by the following |
315 | | - // <workload-leader-election> flow-schema. |
316 | | - // |
317 | | - // TODO(#80289): Get rid of this rule once we get rid of support for |
318 | | - // using endpoints and configmaps objects for leader election. |
319 | | - SuggestedFlowSchemaEndpointsController = newFlowSchema( |
320 | | - "endpoint-controller", "workload-high", 150, |
321 | | - flowcontrol.FlowDistinguisherMethodByUserType, |
322 | | - flowcontrol.PolicyRulesWithSubjects{ |
323 | | - Subjects: append( |
324 | | - users(user.KubeControllerManager), |
325 | | - kubeSystemServiceAccount("endpoint-controller", "endpointslicemirroring-controller")...), |
326 | | - ResourceRules: []flowcontrol.ResourcePolicyRule{ |
327 | | - resourceRule( |
328 | | - []string{"get", "create", "update"}, |
329 | | - []string{corev1.GroupName}, |
330 | | - []string{"endpoints"}, |
331 | | - []string{flowcontrol.NamespaceEvery}, |
332 | | - false), |
333 | | - }, |
334 | | - }, |
335 | | - ) |
336 | | - // TODO(#80289): Get rid of this rule once we get rid of support for |
337 | | - // using endpoints and configmaps objects for leader election. |
338 | | - SuggestedFlowSchemaWorkloadLeaderElection = newFlowSchema( |
339 | | - "workload-leader-election", "leader-election", 200, |
340 | | - flowcontrol.FlowDistinguisherMethodByUserType, |
341 | | - flowcontrol.PolicyRulesWithSubjects{ |
342 | | - Subjects: kubeSystemServiceAccount(flowcontrol.NameAll), |
343 | | - ResourceRules: []flowcontrol.ResourcePolicyRule{ |
344 | | - resourceRule( |
345 | | - []string{"get", "create", "update"}, |
346 | | - []string{corev1.GroupName}, |
347 | | - []string{"endpoints", "configmaps"}, |
348 | | - []string{flowcontrol.NamespaceEvery}, |
349 | | - false), |
350 | | - resourceRule( |
351 | | - []string{"get", "create", "update"}, |
352 | | - []string{coordinationv1.GroupName}, |
353 | | - []string{"leases"}, |
354 | | - []string{flowcontrol.NamespaceEvery}, |
355 | | - false), |
356 | | - }, |
357 | | - }, |
358 | | - ) |
359 | 311 | SuggestedFlowSchemaSystemNodeHigh = newFlowSchema( |
360 | 312 | "system-node-high", "node-high", 400, |
361 | 313 | flowcontrol.FlowDistinguisherMethodByUserType, |
|
0 commit comments