JCS-pub/deploy/x86/yaml/csi/csi-controller-rbac.yaml

# This YAML file contains RBAC API objects that are necessary to run external
# CSI attacher for rclone adapter

apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-controller-rclone
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: external-controller-rclone
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["csi.storage.k8s.io"]
    resources: ["csinodeinfos"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "create", "update"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-attacher-role-rclone
subjects:
  - kind: ServiceAccount
    name: csi-controller-rclone
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: external-controller-rclone
  apiGroup: rbac.authorization.k8s.io