Skip to content

Commit 9211889

Browse files
andyzhangxandyzhangx
committed
chore: add rbac roles for resize volume feature
fix fix
1 parent b28c526 commit 9211889

File tree

3 files changed

+72
-0
lines changed

3 files changed

+72
-0
lines changed

charts/latest/csi-driver-nfs-v0.0.0.tgz

33 Bytes
Binary file not shown.

charts/latest/csi-driver-nfs/templates/rbac-csi-nfs.yaml

+36
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,42 @@ rules:
5757
resources: ["secrets"]
5858
verbs: ["get"]
5959
---
60+
kind: ClusterRole
61+
apiVersion: rbac.authorization.k8s.io/v1
62+
metadata:
63+
name: {{ .Values.rbac.name }}-external-resizer-role
64+
{{ include "nfs.labels" . | indent 2 }}
65+
rules:
66+
- apiGroups: [""]
67+
resources: ["persistentvolumes"]
68+
verbs: ["get", "list", "watch", "update", "patch"]
69+
- apiGroups: [""]
70+
resources: ["persistentvolumeclaims"]
71+
verbs: ["get", "list", "watch"]
72+
- apiGroups: [""]
73+
resources: ["persistentvolumeclaims/status"]
74+
verbs: ["update", "patch"]
75+
- apiGroups: [""]
76+
resources: ["events"]
77+
verbs: ["list", "watch", "create", "update", "patch"]
78+
- apiGroups: ["coordination.k8s.io"]
79+
resources: ["leases"]
80+
verbs: ["get", "list", "watch", "create", "update", "patch"]
81+
---
82+
kind: ClusterRoleBinding
83+
apiVersion: rbac.authorization.k8s.io/v1
84+
metadata:
85+
name: {{ .Values.rbac.name }}-csi-resizer-role
86+
{{ include "nfs.labels" . | indent 2 }}
87+
subjects:
88+
- kind: ServiceAccount
89+
name: {{ .Values.serviceAccount.controller }}
90+
namespace: {{ .Release.Namespace }}
91+
roleRef:
92+
kind: ClusterRole
93+
name: {{ .Values.rbac.name }}-external-resizer-role
94+
apiGroup: rbac.authorization.k8s.io
95+
---
6096
kind: ClusterRoleBinding
6197
apiVersion: rbac.authorization.k8s.io/v1
6298
metadata:

deploy/rbac-csi-nfs.yaml

+36
Original file line numberDiff line numberDiff line change
@@ -64,3 +64,39 @@ roleRef:
6464
kind: ClusterRole
6565
name: nfs-external-provisioner-role
6666
apiGroup: rbac.authorization.k8s.io
67+
---
68+
69+
kind: ClusterRole
70+
apiVersion: rbac.authorization.k8s.io/v1
71+
metadata:
72+
name: nfs-external-resizer-role
73+
rules:
74+
- apiGroups: [""]
75+
resources: ["persistentvolumes"]
76+
verbs: ["get", "list", "watch", "update", "patch"]
77+
- apiGroups: [""]
78+
resources: ["persistentvolumeclaims"]
79+
verbs: ["get", "list", "watch"]
80+
- apiGroups: [""]
81+
resources: ["persistentvolumeclaims/status"]
82+
verbs: ["update", "patch"]
83+
- apiGroups: [""]
84+
resources: ["events"]
85+
verbs: ["list", "watch", "create", "update", "patch"]
86+
- apiGroups: ["coordination.k8s.io"]
87+
resources: ["leases"]
88+
verbs: ["get", "list", "watch", "create", "update", "patch"]
89+
---
90+
91+
kind: ClusterRoleBinding
92+
apiVersion: rbac.authorization.k8s.io/v1
93+
metadata:
94+
name: nfs-csi-resizer-role
95+
subjects:
96+
- kind: ServiceAccount
97+
name: csi-nfs-controller-sa
98+
namespace: kube-system
99+
roleRef:
100+
kind: ClusterRole
101+
name: nfs-external-resizer-role
102+
apiGroup: rbac.authorization.k8s.io

0 commit comments

Comments
 (0)