deploy/kud-plugin-addons/minio/yaml/ceph-volume/csi/rbac/cephfs/csi-nodeplugin-rbac.yaml

   1 apiVersion: v1
   2 kind: ServiceAccount
   3 metadata:
   4   name: rook-csi-cephfs-plugin-sa
   5   namespace: rook-ceph
   6 ---
   7 kind: ClusterRole
   8 apiVersion: rbac.authorization.k8s.io/v1
   9 metadata:
  10   name: cephfs-csi-nodeplugin
  11 aggregationRule:
  12   clusterRoleSelectors:
  13   - matchLabels:
  14       rbac.ceph.rook.io/aggregate-to-cephfs-csi-nodeplugin: "true"
  15 rules: []
  16 ---
  17 kind: ClusterRole
  18 apiVersion: rbac.authorization.k8s.io/v1
  19 metadata:
  20   name: cephfs-csi-nodeplugin-rules
  21   labels:
  22     rbac.ceph.rook.io/aggregate-to-cephfs-csi-nodeplugin: "true"
  23 rules:
  24   - apiGroups: [""]
  25     resources: ["nodes"]
  26     verbs: ["get", "list", "update"]
  27   - apiGroups: [""]
  28     resources: ["namespaces"]
  29     verbs: ["get", "list"]
  30   - apiGroups: [""]
  31     resources: ["persistentvolumes"]
  32     verbs: ["get", "list", "watch", "update"]
  33   - apiGroups: ["storage.k8s.io"]
  34     resources: ["volumeattachments"]
  35     verbs: ["get", "list", "watch", "update"]
  36   - apiGroups: [""]
  37     resources: ["configmaps"]
  38     verbs: ["get", "list"]
  39
  40 ---
  41 kind: ClusterRoleBinding
  42 apiVersion: rbac.authorization.k8s.io/v1
  43 metadata:
  44   name: cephfs-csi-nodeplugin
  45 subjects:
  46   - kind: ServiceAccount
  47     name: rook-csi-cephfs-plugin-sa
  48     namespace: rook-ceph
  49 roleRef:
  50   kind: ClusterRole
  51   name: cephfs-csi-nodeplugin
  52   apiGroup: rbac.authorization.k8s.io