Skip to content
This repository was archived by the owner on Apr 4, 2020. It is now read-only.

Commit

Permalink
https://github.com/kubernetes/kubernetes/pull/84282
Browse files Browse the repository at this point in the history
  • Loading branch information
@hswong3i
hswong3i committed Dec 20, 2019
1 parent 5216af8 commit 800ae6d
Showing 1 changed file with 58 additions and 1 deletion.
59 changes: 58 additions & 1 deletion templates/etc/kubernetes/addons/cephfs-provisioner.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,6 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cephfs-provisioner
namespace: cephfs-provisioner
labels:
app.kubernetes.io/name: cephfs-provisioner
app.kubernetes.io/part-of: cephfs-provisioner
Expand All @@ -97,6 +96,64 @@ rules:
resources: ["secrets"]
verbs: ["get", "create", "delete"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:csi-external-attacher
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
app.kubernetes.io/name: cephfs-provisioner
app.kubernetes.io/part-of: cephfs-provisioner
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/bootstrapping: rbac-defaults
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "patch", "update", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "patch", "update", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "get", "list", "patch", "update", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:csi-external-provisioner
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
app.kubernetes.io/name: cephfs-provisioner
app.kubernetes.io/part-of: cephfs-provisioner
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/bootstrapping: rbac-defaults
rules:
- apiGroups: [""]
resources:["persistentvolumes"]
verbs: ["create", "delete", "get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "patch", "update", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
Expand Down

0 comments on commit 800ae6d

Please sign in to comment.