deploy/kud-plugin-addons/minio/yaml/ceph-volume/csi/rbac/rbd/csi-nodeplugin-rbac.yaml

   1 apiVersion: v1
   2 kind: ServiceAccount
   3 metadata:
   4   name: rook-csi-rbd-plugin-sa
   5   namespace: rook-ceph
   6
   7 ---
   8 kind: ClusterRole
   9 apiVersion: rbac.authorization.k8s.io/v1
  10 metadata:
  11   name: rbd-csi-nodeplugin
  12 aggregationRule:
  13   clusterRoleSelectors:
  14   - matchLabels:
  15       rbac.ceph.rook.io/aggregate-to-rbd-csi-nodeplugin: "true"
  16 rules: []
  17 ---
  18 kind: ClusterRole
  19 apiVersion: rbac.authorization.k8s.io/v1
  20 metadata:
  21   name: rbd-csi-nodeplugin-rules
  22   labels:
  23     rbac.ceph.rook.io/aggregate-to-rbd-csi-nodeplugin: "true"
  24 rules:
  25   - apiGroups: [""]
  26     resources: ["nodes"]
  27     verbs: ["get", "list", "update"]
  28   - apiGroups: [""]
  29     resources: ["namespaces"]
  30     verbs: ["get", "list"]
  31   - apiGroups: [""]
  32     resources: ["persistentvolumes"]
  33     verbs: ["get", "list", "watch", "update"]
  34   - apiGroups: ["storage.k8s.io"]
  35     resources: ["volumeattachments"]
  36     verbs: ["get", "list", "watch", "update"]
  37   - apiGroups: [""]
  38     resources: ["configmaps"]
  39     verbs: ["get", "list"]
  40
  41 ---
  42 kind: ClusterRoleBinding
  43 apiVersion: rbac.authorization.k8s.io/v1
  44 metadata:
  45   name: rbd-csi-nodeplugin
  46 subjects:
  47   - kind: ServiceAccount
  48     name: rook-csi-rbd-plugin-sa
  49     namespace: rook-ceph
  50 roleRef:
  51   kind: ClusterRole
  52   name: rbd-csi-nodeplugin
  53   apiGroup: rbac.authorization.k8s.io