Add Rook operator and Ceph cluster bring up script
[icn.git] / deploy / kud-plugin-addons / rook / yaml / csi / rbac / cephfs / csi-provisioner-rbac.yaml
# ServiceAccount created in the rook-ceph namespace.
# The ClusterRoleBinding "cephfs-csi-provisioner-role" in this file names it
# as its only subject, so every cluster-wide permission granted there is held
# by any pod that runs under this account.
# NOTE(review): presumably used by the CephFS CSI provisioner pods; the
# workload manifest is not part of this file - confirm which pods mount it.
1 apiVersion: v1
2 kind: ServiceAccount
3 metadata:
4   name: rook-csi-cephfs-provisioner-sa
5   namespace: rook-ceph
6 ---
# Aggregated ClusterRole: it declares no rules of its own ("rules: []").
# Kubernetes fills the rules in from every ClusterRole that carries the label
# selected below; in this file that is
# "cephfs-external-provisioner-runner-rules".
# Security note: the effective permission set is whatever matches the label
# at runtime, not only what this file ships. Any principal allowed to create
# or label ClusterRoles can widen this role, so audit all ClusterRoles
# carrying the label rather than reading this manifest alone.
7 kind: ClusterRole
8 apiVersion: rbac.authorization.k8s.io/v1
9 metadata:
10   name: cephfs-external-provisioner-runner
11 aggregationRule:
12   clusterRoleSelectors:
13   - matchLabels:
14       rbac.ceph.rook.io/aggregate-to-cephfs-external-provisioner-runner: "true"
15 rules: []
16 ---
# Rule set that is merged into "cephfs-external-provisioner-runner" through
# the aggregate-to label below. It is not bound to any subject in this file;
# it takes effect only through that aggregation.
# All rules are cluster-scoped grants: once bound with a ClusterRoleBinding
# they apply in every namespace, not just rook-ceph.
17 kind: ClusterRole
18 apiVersion: rbac.authorization.k8s.io/v1
19 metadata:
20   name: cephfs-external-provisioner-runner-rules
21   labels:
22     rbac.ceph.rook.io/aggregate-to-cephfs-external-provisioner-runner: "true"
23 rules:
# Read access to Secrets. "list" returns full secret contents, so it is as
# sensitive as "get"; no resourceNames restriction is set here.
# NOTE(review): the most sensitive grant in this file - confirm whether the
# provisioner needs secrets outside the namespaces that hold Ceph credentials.
24   - apiGroups: [""]
25     resources: ["secrets"]
26     verbs: ["get", "list"]
# Full lifecycle on PersistentVolumes (cluster-scoped objects).
27   - apiGroups: [""]
28     resources: ["persistentvolumes"]
29     verbs: ["get", "list", "watch", "create", "delete", "update"]
# Read and update PersistentVolumeClaims; no create or delete.
30   - apiGroups: [""]
31     resources: ["persistentvolumeclaims"]
32     verbs: ["get", "list", "watch", "update"]
# Read-only access to StorageClasses.
33   - apiGroups: ["storage.k8s.io"]
34     resources: ["storageclasses"]
35     verbs: ["get", "list", "watch"]
# Events can be listed, watched and written; "get" is not granted.
36   - apiGroups: [""]
37     resources: ["events"]
38     verbs: ["list", "watch", "create", "update", "patch"]
# ConfigMaps can be read, created and deleted in every namespace.
# NOTE(review): no "update" verb and no resourceNames restriction - confirm
# the scope against what the provisioner actually writes.
39   - apiGroups: [""]
40     resources: ["configmaps"]
41     verbs: ["get", "list", "create", "delete"]
42
43 ---
# Binds the aggregated ClusterRole "cephfs-external-provisioner-runner" to
# the ServiceAccount rook-csi-cephfs-provisioner-sa in rook-ceph.
# Because this is a ClusterRoleBinding rather than a namespaced RoleBinding,
# the grant is cluster-wide.
# The bound role is the aggregated one, so the permissions the subject holds
# are whatever ClusterRoles currently match its aggregation label.
# When reviewing, check the resolved rules on the live cluster as well as
# this manifest.
44 kind: ClusterRoleBinding
45 apiVersion: rbac.authorization.k8s.io/v1
46 metadata:
47   name: cephfs-csi-provisioner-role
48 subjects:
49   - kind: ServiceAccount
50     name: rook-csi-cephfs-provisioner-sa
51     namespace: rook-ceph
52 roleRef:
53   kind: ClusterRole
54   name: cephfs-external-provisioner-runner
55   apiGroup: rbac.authorization.k8s.io