Skip to content

Commit 63c41cc

Browse files
andyzhangxandyzhangx
committed
chore: add rbac roles for resize volume feature
fix
1 parent b28c526 commit 63c41cc

File tree

3 files changed

+74
-0
lines changed

3 files changed

+74
-0
lines changed

charts/latest/csi-driver-nfs-v0.0.0.tgz

47 Bytes
Binary file not shown.

charts/latest/csi-driver-nfs/templates/rbac-csi-nfs.yaml

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,44 @@ rules:
5757
resources: ["secrets"]
5858
verbs: ["get"]
5959
---
60+
kind: ClusterRole
61+
apiVersion: rbac.authorization.k8s.io/v1
62+
metadata:
63+
name: {{ .Values.rbac.name }}-external-resizer-role
64+
labels:
65+
{{- include "nfs.labels" . | nindent 4 }}
66+
rules:
67+
- apiGroups: [""]
68+
resources: ["persistentvolumes"]
69+
verbs: ["get", "list", "watch", "update", "patch"]
70+
- apiGroups: [""]
71+
resources: ["persistentvolumeclaims"]
72+
verbs: ["get", "list", "watch"]
73+
- apiGroups: [""]
74+
resources: ["persistentvolumeclaims/status"]
75+
verbs: ["update", "patch"]
76+
- apiGroups: [""]
77+
resources: ["events"]
78+
verbs: ["list", "watch", "create", "update", "patch"]
79+
- apiGroups: ["coordination.k8s.io"]
80+
resources: ["leases"]
81+
verbs: ["get", "list", "watch", "create", "update", "patch"]
82+
---
83+
kind: ClusterRoleBinding
84+
apiVersion: rbac.authorization.k8s.io/v1
85+
metadata:
86+
name: {{ .Values.rbac.name }}-csi-resizer-role
87+
labels:
88+
{{- include "nfs.labels" . | nindent 4 }}
89+
subjects:
90+
- kind: ServiceAccount
91+
name: {{ .Values.serviceAccount.controller }}
92+
namespace: {{ .Release.Namespace }}
93+
roleRef:
94+
kind: ClusterRole
95+
name: {{ .Values.rbac.name }}-external-resizer-role
96+
apiGroup: rbac.authorization.k8s.io
97+
---
6098
kind: ClusterRoleBinding
6199
apiVersion: rbac.authorization.k8s.io/v1
62100
metadata:

deploy/rbac-csi-nfs.yaml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,3 +64,39 @@ roleRef:
6464
kind: ClusterRole
6565
name: nfs-external-provisioner-role
6666
apiGroup: rbac.authorization.k8s.io
67+
---
68+
69+
kind: ClusterRole
70+
apiVersion: rbac.authorization.k8s.io/v1
71+
metadata:
72+
name: nfs-external-resizer-role
73+
rules:
74+
- apiGroups: [""]
75+
resources: ["persistentvolumes"]
76+
verbs: ["get", "list", "watch", "update", "patch"]
77+
- apiGroups: [""]
78+
resources: ["persistentvolumeclaims"]
79+
verbs: ["get", "list", "watch"]
80+
- apiGroups: [""]
81+
resources: ["persistentvolumeclaims/status"]
82+
verbs: ["update", "patch"]
83+
- apiGroups: [""]
84+
resources: ["events"]
85+
verbs: ["list", "watch", "create", "update", "patch"]
86+
- apiGroups: ["coordination.k8s.io"]
87+
resources: ["leases"]
88+
verbs: ["get", "list", "watch", "create", "update", "patch"]
89+
---
90+
91+
kind: ClusterRoleBinding
92+
apiVersion: rbac.authorization.k8s.io/v1
93+
metadata:
94+
name: nfs-csi-resizer-role
95+
subjects:
96+
- kind: ServiceAccount
97+
name: csi-nfs-controller-sa
98+
namespace: kube-system
99+
roleRef:
100+
kind: ClusterRole
101+
name: nfs-external-resizer-role
102+
apiGroup: rbac.authorization.k8s.io

0 commit comments

Comments
 (0)