Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / b38f736390742bbdceb10981e9b727faba262e49^! / . / charts / csi-driver-smb / templates / rbac-csi-smb.yaml
commitb38f736390742bbdceb10981e9b727faba262e49[log] [tgz]
authorGiorgi Lekveishvili <lekva@gl-mbp-m1-max.local>Mon Jun 05 13:36:02 2023 +0400
committerGiorgi Lekveishvili <lekva@gl-mbp-m1-max.local>Mon Jun 05 13:36:02 2023 +0400
tree0e77e04a10ba8fb48906ae6619eb986af8717a84
parentc647025153355c2aff851a04e654a124bb212777 [diff] [blame]
charts: csi-driver-smb

diff --git a/charts/csi-driver-smb/templates/rbac-csi-smb.yaml b/charts/csi-driver-smb/templates/rbac-csi-smb.yaml
new file mode 100644
index 0000000..03561d1
--- /dev/null
+++ b/charts/csi-driver-smb/templates/rbac-csi-smb.yaml

@@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}