| okozachenko1203 | 2314726 | 2023-01-28 04:16:42 +1100 | [diff] [blame] | 1 | {{- if .Values.rbacEnable }} |
| 2 | # Grant the operator, agent, and discovery agents access to resources in the rook-ceph-system namespace |
| 3 | kind: RoleBinding |
| 4 | apiVersion: rbac.authorization.k8s.io/v1 |
| 5 | metadata: |
| 6 | name: rook-ceph-system |
| 7 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 8 | labels: |
| 9 | operator: rook |
| 10 | storage-backend: ceph |
| 11 | {{- include "library.rook-ceph.labels" . | nindent 4 }} |
| 12 | roleRef: |
| 13 | apiGroup: rbac.authorization.k8s.io |
| 14 | kind: Role |
| 15 | name: rook-ceph-system |
| 16 | subjects: |
| 17 | - kind: ServiceAccount |
| 18 | name: rook-ceph-system |
| 19 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 20 | --- |
| 21 | kind: RoleBinding |
| 22 | apiVersion: rbac.authorization.k8s.io/v1 |
| 23 | metadata: |
| 24 | name: cephfs-csi-provisioner-role-cfg |
| 25 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 26 | subjects: |
| 27 | - kind: ServiceAccount |
| 28 | name: rook-csi-cephfs-provisioner-sa |
| 29 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 30 | roleRef: |
| 31 | kind: Role |
| 32 | name: cephfs-external-provisioner-cfg |
| 33 | apiGroup: rbac.authorization.k8s.io |
| 34 | --- |
| 35 | {{- if and .Values.csi.csiAddons .Values.csi.csiAddons.enabled }} |
| 36 | kind: RoleBinding |
| 37 | apiVersion: rbac.authorization.k8s.io/v1 |
| 38 | metadata: |
| 39 | name: rbd-csi-nodeplugin-role-cfg |
| 40 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 41 | subjects: |
| 42 | - kind: ServiceAccount |
| 43 | name: rook-csi-rbd-plugin-sa |
| 44 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 45 | roleRef: |
| 46 | kind: Role |
| 47 | name: rbd-csi-nodeplugin |
| 48 | apiGroup: rbac.authorization.k8s.io |
| 49 | --- |
| 50 | {{- end }} |
| 51 | kind: RoleBinding |
| 52 | apiVersion: rbac.authorization.k8s.io/v1 |
| 53 | metadata: |
| 54 | name: rbd-csi-provisioner-role-cfg |
| 55 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 56 | subjects: |
| 57 | - kind: ServiceAccount |
| 58 | name: rook-csi-rbd-provisioner-sa |
| 59 | namespace: {{ .Release.Namespace }} # namespace:operator |
| 60 | roleRef: |
| 61 | kind: Role |
| 62 | name: rbd-external-provisioner-cfg |
| 63 | apiGroup: rbac.authorization.k8s.io |
| 64 | {{- end }} |