charts/csi-driver-smb/templates/rbac-csi-smb.yaml - pcloud - Gitiles

 {{- if .Values.serviceAccount.create -}}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.serviceAccount.controller }}
   namespace: {{ .Release.Namespace }}
 {{ include "smb.labels" . | indent 2 }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.serviceAccount.node }}
   namespace: {{ .Release.Namespace }}
 {{ include "smb.labels" . | indent 2 }}
 {{ end }}

 {{- if .Values.rbac.create -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ .Values.rbac.name }}-external-provisioner-role
 {{ include "smb.labels" . | indent 2 }}
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
     verbs: ["get", "list", "watch", "update"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["storageclasses"]
     verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "list", "watch", "create", "update", "patch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["csinodes"]
     verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "list", "watch", "create", "update", "patch"]
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get"]
 ---

 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Values.rbac.name }}-csi-provisioner-binding
 {{ include "smb.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: {{ .Values.rbac.name }}-external-provisioner-role
   apiGroup: rbac.authorization.k8s.io
 {{ end }}
	{{- if .Values.serviceAccount.create -}}
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: {{ .Values.serviceAccount.controller }}
	namespace: {{ .Release.Namespace }}
	{{ include "smb.labels" . \| indent 2 }}
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: {{ .Values.serviceAccount.node }}
	namespace: {{ .Release.Namespace }}
	{{ include "smb.labels" . \| indent 2 }}
	{{ end }}

	{{- if .Values.rbac.create -}}
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: {{ .Values.rbac.name }}-external-provisioner-role
	{{ include "smb.labels" . \| indent 2 }}
	rules:
	- apiGroups: [""]
	resources: ["persistentvolumes"]
	verbs: ["get", "list", "watch", "create", "delete"]
	- apiGroups: [""]
	resources: ["persistentvolumeclaims"]
	verbs: ["get", "list", "watch", "update"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["storageclasses"]
	verbs: ["get", "list", "watch"]
	- apiGroups: [""]
	resources: ["events"]
	verbs: ["get", "list", "watch", "create", "update", "patch"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["csinodes"]
	verbs: ["get", "list", "watch"]
	- apiGroups: [""]
	resources: ["nodes"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["coordination.k8s.io"]
	resources: ["leases"]
	verbs: ["get", "list", "watch", "create", "update", "patch"]
	- apiGroups: [""]
	resources: ["secrets"]
	verbs: ["get"]
	---

	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: {{ .Values.rbac.name }}-csi-provisioner-binding
	{{ include "smb.labels" . \| indent 2 }}
	subjects:
	- kind: ServiceAccount
	name: {{ .Values.serviceAccount.controller }}
	namespace: {{ .Release.Namespace }}
	roleRef:
	kind: ClusterRole
	name: {{ .Values.rbac.name }}-external-provisioner-role
	apiGroup: rbac.authorization.k8s.io
	{{ end }}