|
- # This YAML file contains RBAC API objects that are necessary to run external
- # CSI attacher for rclone adapter
-
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: csi-controller-rclone
- namespace: kube-system
- ---
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: external-controller-rclone
- rules:
- - apiGroups: [""]
- resources: ["persistentvolumes"]
- verbs: ["get", "list", "watch", "update"]
- - apiGroups: [""]
- resources: ["nodes"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["csi.storage.k8s.io"]
- resources: ["csinodeinfos"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["volumeattachments"]
- verbs: ["get", "list", "watch", "update"]
-
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: csi-attacher-role-rclone
- subjects:
- - kind: ServiceAccount
- name: csi-controller-rclone
- namespace: kube-system
- roleRef:
- kind: ClusterRole
- name: external-controller-rclone
- apiGroup: rbac.authorization.k8s.io
- ---
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: csi-cluster-driver-registrar-role
- rules:
- - apiGroups: ["csi.storage.k8s.io"]
- resources: ["csidrivers"]
- verbs: ["create", "delete"]
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["create", "list", "watch", "delete"]
-
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: csi-cluster-driver-registrar-binding
- subjects:
- - kind: ServiceAccount
- name: csi-controller-rclone
- namespace: kube-system
- roleRef:
- kind: ClusterRole
- name: csi-cluster-driver-registrar-role
- apiGroup: rbac.authorization.k8s.io
|
