build: add NFS provisioner RBAC to generated artifacts

Signed-off-by: Niels de Vos <ndevos@ibm.com>

deploy/Makefile

@@ -19,6 +19,7 @@ all: \
 	cephfs/kubernetes/csi-config-map.yaml \
 	nfs/kubernetes/csidriver.yaml \
 	nfs/kubernetes/csi-config-map.yaml \
+	nfs/kubernetes/csi-provisioner-rbac.yaml \
 	rbd/kubernetes/csidriver.yaml \
 	rbd/kubernetes/csi-config-map.yaml
 
@@ -37,6 +38,9 @@ nfs/kubernetes/csidriver.yaml: ../api/deploy/kubernetes/nfs/csidriver.yaml ../ap
 nfs/kubernetes/csi-config-map.yaml: ../api/deploy/kubernetes/nfs/csi-config-map.*
 	$(MAKE) -C ../tools generate-deploy
 
+nfs/kubernetes/csi-provisioner-rbac.yaml: ../api/deploy/kubernetes/nfs/csi-provisioner-rbac*
+	$(MAKE) -C ../tools generate-deploy
+
 rbd/kubernetes/csidriver.yaml: ../api/deploy/kubernetes/rbd/csidriver.yaml ../api/deploy/kubernetes/rbd/csidriver.go
 	$(MAKE) -C ../tools generate-deploy
 

deploy/nfs/kubernetes/csi-provisioner-rbac.yaml

@@ -1,8 +1,10 @@
----
+#
-apiVersion: v1
+# /!\ DO NOT MODIFY THIS FILE
-kind: ServiceAccount
+#
-metadata:
+# This file has been automatically generated by Ceph-CSI yamlgen.
-  name: nfs-csi-provisioner
+# The source for the contents can be found in the api/deploy directory, make
+# your modifications there.
+#
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -51,25 +53,26 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
     verbs: ["get", "list"]
+
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: nfs-csi-provisioner-role
+  name: "nfs-csi-provisioner-role"
 subjects:
   - kind: ServiceAccount
-    name: nfs-csi-provisioner
+    name: "nfs-csi-provisioner"
-    namespace: default
+    namespace: "default"
 roleRef:
   kind: ClusterRole
   name: nfs-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
+
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  # replace with non-default namespace name
+  namespace: "default"
-  namespace: default
   name: nfs-external-provisioner-cfg
 rules:
   # remove this once we stop supporting v1.0.0
@@ -79,18 +82,17 @@ rules:
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "watch", "list", "delete", "update", "create"]
+
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: nfs-csi-provisioner-role-cfg
+  name: "nfs-csi-provisioner-role-cfg"
-  # replace with non-default namespace name
+  namespace: "default"
-  namespace: default
 subjects:
   - kind: ServiceAccount
-    name: nfs-csi-provisioner
+    name: "nfs-csi-provisioner"
-    # replace with non-default namespace name
+    namespace: "default"
-    namespace: default
 roleRef:
   kind: Role
   name: nfs-external-provisioner-cfg

tools/yamlgen/main.go

@@ -69,6 +69,11 @@ var yamlArtifacts = []deploymentArtifact{
 		reflect.ValueOf(nfs.NewCSIConfigMapYAML),
 		reflect.ValueOf(nfs.CSIConfigMapDefaults),
 	},
+	{
+		"../deploy/nfs/kubernetes/csi-provisioner-rbac.yaml",
+		reflect.ValueOf(nfs.NewCSIProvisionerRBACYAML),
+		reflect.ValueOf(nfs.CSIProvisionerRBACDefaults),
+	},
 	{
 		"../deploy/rbd/kubernetes/csidriver.yaml",
 		reflect.ValueOf(rbd.NewCSIDriverYAML),