charts/rook-ceph/templates/rolebinding.yaml - atmosphere - Gitiles

 {{- if .Values.rbacEnable }}
 # Grant the operator, agent, and discovery agents access to resources in the rook-ceph-system namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-system
   namespace: {{ .Release.Namespace }} # namespace:operator
   labels:
     operator: rook
     storage-backend: ceph
     {{- include "library.rook-ceph.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-system
 subjects:
 - kind: ServiceAccount
   name: rook-ceph-system
   namespace: {{ .Release.Namespace }} # namespace:operator
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-provisioner-role-cfg
   namespace: {{ .Release.Namespace }} # namespace:operator
 subjects:
   - kind: ServiceAccount
     name: rook-csi-cephfs-provisioner-sa
     namespace: {{ .Release.Namespace }} # namespace:operator
 roleRef:
   kind: Role
   name: cephfs-external-provisioner-cfg
   apiGroup: rbac.authorization.k8s.io
 ---
 {{- if and .Values.csi.csiAddons .Values.csi.csiAddons.enabled }}
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-nodeplugin-role-cfg
   namespace: {{ .Release.Namespace }} # namespace:operator
 subjects:
   - kind: ServiceAccount
     name: rook-csi-rbd-plugin-sa
     namespace: {{ .Release.Namespace }} # namespace:operator
 roleRef:
   kind: Role
   name: rbd-csi-nodeplugin
   apiGroup: rbac.authorization.k8s.io
 ---
 {{- end }}
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-provisioner-role-cfg
   namespace: {{ .Release.Namespace }} # namespace:operator
 subjects:
   - kind: ServiceAccount
     name: rook-csi-rbd-provisioner-sa
     namespace: {{ .Release.Namespace }} # namespace:operator
 roleRef:
   kind: Role
   name: rbd-external-provisioner-cfg
   apiGroup: rbac.authorization.k8s.io
 {{- end }}
	{{- if .Values.rbacEnable }}
	# Grant the operator, agent, and discovery agents access to resources in the rook-ceph-system namespace
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: rook-ceph-system
	namespace: {{ .Release.Namespace }} # namespace:operator
	labels:
	operator: rook
	storage-backend: ceph
	{{- include "library.rook-ceph.labels" . \| nindent 4 }}
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: rook-ceph-system
	subjects:
	- kind: ServiceAccount
	name: rook-ceph-system
	namespace: {{ .Release.Namespace }} # namespace:operator
	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: cephfs-csi-provisioner-role-cfg
	namespace: {{ .Release.Namespace }} # namespace:operator
	subjects:
	- kind: ServiceAccount
	name: rook-csi-cephfs-provisioner-sa
	namespace: {{ .Release.Namespace }} # namespace:operator
	roleRef:
	kind: Role
	name: cephfs-external-provisioner-cfg
	apiGroup: rbac.authorization.k8s.io
	---
	{{- if and .Values.csi.csiAddons .Values.csi.csiAddons.enabled }}
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: rbd-csi-nodeplugin-role-cfg
	namespace: {{ .Release.Namespace }} # namespace:operator
	subjects:
	- kind: ServiceAccount
	name: rook-csi-rbd-plugin-sa
	namespace: {{ .Release.Namespace }} # namespace:operator
	roleRef:
	kind: Role
	name: rbd-csi-nodeplugin
	apiGroup: rbac.authorization.k8s.io
	---
	{{- end }}
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: rbd-csi-provisioner-role-cfg
	namespace: {{ .Release.Namespace }} # namespace:operator
	subjects:
	- kind: ServiceAccount
	name: rook-csi-rbd-provisioner-sa
	namespace: {{ .Release.Namespace }} # namespace:operator
	roleRef:
	kind: Role
	name: rbd-external-provisioner-cfg
	apiGroup: rbac.authorization.k8s.io
	{{- end }}