Add role and rolebinding for cephfs

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-11-09 16:00:22 +00:00 · 2019-02-27 16:44:46 +05:30 · 2019-02-27 16:44:46 +05:30 · 119504c004
commit 119504c004
parent c9815e99a9
2 changed files with 40 additions and 0 deletions
--- a/deploy/cephfs/helm/templates/provisioner-role.yaml
+++ b/deploy/cephfs/helm/templates/provisioner-role.yaml
@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}} 
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-cephfs.name" . }}
+    chart: {{ include "ceph-csi-cephfs.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+{{- end -}}
--- a/deploy/cephfs/helm/templates/provisioner-rolebinding.yaml
+++ b/deploy/cephfs/helm/templates/provisioner-rolebinding.yaml
@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-cephfs.name" . }}
+    chart: {{ include "ceph-csi-cephfs.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+  namespace: {{ .Release.Namespace }}
+{{- end -}}