deploy: add deployment artifacts for NFS support

These deployment files are heavily based on the CephFS deployment. Deploying an environment with these files work for me in minikube. This should make it possible to add e2e testing as well. Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-13 10:33:35 +00:00 · 2022-03-30 10:06:07 +02:00
parent 591cd694ab
commit 804e2715d8
14 changed files with 746 additions and 0 deletions
--- a/deploy/nfs/kubernetes/csi-provisioner-psp.yaml
+++ b/deploy/nfs/kubernetes/csi-provisioner-psp.yaml
@ -0,0 +1,55 @@
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: nfs-csi-provisioner-psp
+spec:
+  fsGroup:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'hostPath'
+  allowedHostPaths:
+    - pathPrefix: '/dev'
+      readOnly: false
+    - pathPrefix: '/sys'
+      readOnly: false
+    - pathPrefix: '/lib/modules'
+      readOnly: true
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-csi-provisioner-psp
+  # replace with non-default namespace name
+  namespace: default
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs: ['use']
+    resourceNames: ['nfs-csi-provisioner-psp']
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-csi-provisioner-psp
+  # replace with non-default namespace name
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: nfs-csi-provisioner
+    # replace with non-default namespace name
+    namespace: default
+roleRef:
+  kind: Role
+  name: nfs-csi-provisioner-psp
+  apiGroup: rbac.authorization.k8s.io