Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/zed / . / charts / rook-ceph / templates / role.yaml
blob: 5cedc34916f40b337b37418e7c595c38a7d82e08 [file] [log] [blame]
okozachenko120323147262023-01-28 04:16:42 +1100[diff] [blame]1{{- if .Values.rbacEnable }}
2# Allow the operator to manage resources in its own namespace
3apiVersion: rbac.authorization.k8s.io/v1
4kind: Role
5metadata:
6 name: rook-ceph-system
7 namespace: {{ .Release.Namespace }} # namespace:operator
8 labels:
9 operator: rook
10 storage-backend: ceph
11 {{- include "library.rook-ceph.labels" . | nindent 4 }}
12rules:
13- apiGroups:
14 - ""
15 resources:
16 - pods
17 - configmaps
18 - services
19 verbs:
20 - get
21 - list
22 - watch
23 - patch
24 - create
25 - update
26 - delete
27- apiGroups:
28 - apps
29 - extensions
30 resources:
31 - daemonsets
32 - statefulsets
33 - deployments
34 verbs:
35 - get
36 - list
37 - watch
38 - create
39 - update
40 - delete
41- apiGroups:
42 - batch
43 resources:
44 - cronjobs
45 verbs:
46 - delete
47- apiGroups:
48 - cert-manager.io
49 resources:
50 - certificates
51 - issuers
52 verbs:
53 - get
54 - create
55 - delete
56---
57kind: Role
58apiVersion: rbac.authorization.k8s.io/v1
59metadata:
60 name: cephfs-external-provisioner-cfg
61 namespace: {{ .Release.Namespace }} # namespace:operator
62rules:
63 - apiGroups: ["coordination.k8s.io"]
64 resources: ["leases"]
65 verbs: ["get", "watch", "list", "delete", "update", "create"]
66---
67{{- if and .Values.csi.csiAddons .Values.csi.csiAddons.enabled }}
68kind: Role
69apiVersion: rbac.authorization.k8s.io/v1
70metadata:
71 name: rbd-csi-nodeplugin
72 namespace: {{ .Release.Namespace }} # namespace:operator
73rules:
74 - apiGroups: ["csiaddons.openshift.io"]
75 resources: ["csiaddonsnodes"]
76 verbs: ["create"]
77---
78{{- end }}
79kind: Role
80apiVersion: rbac.authorization.k8s.io/v1
81metadata:
82 name: rbd-external-provisioner-cfg
83 namespace: {{ .Release.Namespace }} # namespace:operator
84rules:
85 - apiGroups: ["coordination.k8s.io"]
86 resources: ["leases"]
87 verbs: ["get", "watch", "list", "delete", "update", "create"]
88 {{- if and .Values.csi.csiAddons .Values.csi.csiAddons.enabled }}
89 - apiGroups: ["csiaddons.openshift.io"]
90 resources: ["csiaddonsnodes"]
91 verbs: ["create"]
92 {{- end }}
93{{- end }}