mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 18:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

script: Add script to install snapshot-controller

Browse Source 
Added script and snapshot-controller PSP
file to install snapshot-controller

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna
2020-04-16 12:10:14 +05:30
committed by mergify[bot]
parent 1a3b07994e
commit c533d0125a
2 changed files with 151 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
scripts/snapshot-controller-psp.yaml Normal file
View File

@ -0,0 +1,55 @@
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-snapshotter-psp
spec:
allowPrivilegeEscalation: true
allowedCapabilities:
- "SYS_ADMIN"
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- "configMap"
- "emptyDir"
- "projected"
- "secret"
- "downwardAPI"
- "hostPath"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-psp
# replace with non-default namespace name
namespace: default
rules:
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames: ["csi-snapshotter-psp"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-psp
# replace with non-default namespace name
namespace: default
subjects:
- kind: ServiceAccount
name: snapshot-controller
# replace with non-default namespace name
namespace: default
roleRef:
kind: Role
name: csi-snapshotter-psp
apiGroup: rbac.authorization.k8s.io