From a6466fb1cad284c4f2ac5564045ed45d81d5f0f2 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Fri, 26 Jan 2024 17:02:05 +0100 Subject: [PATCH] build: add NFS provisioner RBAC to generated artifacts Signed-off-by: Niels de Vos --- deploy/Makefile | 4 +++ .../nfs/kubernetes/csi-provisioner-rbac.yaml | 34 ++++++++++--------- tools/yamlgen/main.go | 5 +++ 3 files changed, 27 insertions(+), 16 deletions(-) diff --git a/deploy/Makefile b/deploy/Makefile index 34f42c66a..82a5b04d4 100644 --- a/deploy/Makefile +++ b/deploy/Makefile @@ -19,6 +19,7 @@ all: \ cephfs/kubernetes/csi-config-map.yaml \ nfs/kubernetes/csidriver.yaml \ nfs/kubernetes/csi-config-map.yaml \ + nfs/kubernetes/csi-provisioner-rbac.yaml \ rbd/kubernetes/csidriver.yaml \ rbd/kubernetes/csi-config-map.yaml @@ -37,6 +38,9 @@ nfs/kubernetes/csidriver.yaml: ../api/deploy/kubernetes/nfs/csidriver.yaml ../ap nfs/kubernetes/csi-config-map.yaml: ../api/deploy/kubernetes/nfs/csi-config-map.* $(MAKE) -C ../tools generate-deploy +nfs/kubernetes/csi-provisioner-rbac.yaml: ../api/deploy/kubernetes/nfs/csi-provisioner-rbac* + $(MAKE) -C ../tools generate-deploy + rbd/kubernetes/csidriver.yaml: ../api/deploy/kubernetes/rbd/csidriver.yaml ../api/deploy/kubernetes/rbd/csidriver.go $(MAKE) -C ../tools generate-deploy diff --git a/deploy/nfs/kubernetes/csi-provisioner-rbac.yaml b/deploy/nfs/kubernetes/csi-provisioner-rbac.yaml index 5fa71cf4a..58571f6d6 100644 --- a/deploy/nfs/kubernetes/csi-provisioner-rbac.yaml +++ b/deploy/nfs/kubernetes/csi-provisioner-rbac.yaml @@ -1,8 +1,10 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-csi-provisioner +# +# /!\ DO NOT MODIFY THIS FILE +# +# This file has been automatically generated by Ceph-CSI yamlgen. +# The source for the contents can be found in the api/deploy directory, make +# your modifications there. +# --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -51,25 +53,26 @@ rules: - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list"] + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: nfs-csi-provisioner-role + name: "nfs-csi-provisioner-role" subjects: - kind: ServiceAccount - name: nfs-csi-provisioner - namespace: default + name: "nfs-csi-provisioner" + namespace: "default" roleRef: kind: ClusterRole name: nfs-external-provisioner-runner apiGroup: rbac.authorization.k8s.io + --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - # replace with non-default namespace name - namespace: default + namespace: "default" name: nfs-external-provisioner-cfg rules: # remove this once we stop supporting v1.0.0 @@ -79,18 +82,17 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: nfs-csi-provisioner-role-cfg - # replace with non-default namespace name - namespace: default + name: "nfs-csi-provisioner-role-cfg" + namespace: "default" subjects: - kind: ServiceAccount - name: nfs-csi-provisioner - # replace with non-default namespace name - namespace: default + name: "nfs-csi-provisioner" + namespace: "default" roleRef: kind: Role name: nfs-external-provisioner-cfg diff --git a/tools/yamlgen/main.go b/tools/yamlgen/main.go index 9b066c12e..de54a5138 100644 --- a/tools/yamlgen/main.go +++ b/tools/yamlgen/main.go @@ -69,6 +69,11 @@ var yamlArtifacts = []deploymentArtifact{ reflect.ValueOf(nfs.NewCSIConfigMapYAML), reflect.ValueOf(nfs.CSIConfigMapDefaults), }, + { + "../deploy/nfs/kubernetes/csi-provisioner-rbac.yaml", + reflect.ValueOf(nfs.NewCSIProvisionerRBACYAML), + reflect.ValueOf(nfs.CSIProvisionerRBACDefaults), + }, { "../deploy/rbd/kubernetes/csidriver.yaml", reflect.ValueOf(rbd.NewCSIDriverYAML),