49 lines
1.0 KiB
YAML
49 lines
1.0 KiB
YAML
---
|
||
apiVersion: v1
|
||
kind: ServiceAccount
|
||
metadata:
|
||
name: rbd-csi-nodeplugin
|
||
namespace: ceph‑csi
|
||
|
||
---
|
||
kind: ClusterRole
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
metadata:
|
||
name: rbd-csi-nodeplugin
|
||
rules:
|
||
- apiGroups: [""]
|
||
resources: ["nodes"]
|
||
verbs: ["get"]
|
||
- apiGroups: [""]
|
||
resources: ["secrets"]
|
||
verbs: ["get"]
|
||
- apiGroups: [""]
|
||
resources: ["configmaps"]
|
||
verbs: ["get"]
|
||
- apiGroups: [""]
|
||
resources: ["serviceaccounts"]
|
||
verbs: ["get"]
|
||
- apiGroups: [""]
|
||
resources: ["persistentvolumes"]
|
||
verbs: ["get"]
|
||
- apiGroups: ["storage.k8s.io"]
|
||
resources: ["volumeattachments"]
|
||
verbs: ["list", "get"]
|
||
- apiGroups: [""]
|
||
resources: ["serviceaccounts/token"]
|
||
verbs: ["create"]
|
||
|
||
---
|
||
kind: ClusterRoleBinding
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
metadata:
|
||
name: rbd-csi-nodeplugin
|
||
subjects:
|
||
- kind: ServiceAccount
|
||
name: rbd-csi-nodeplugin
|
||
namespace: ceph‑csi
|
||
roleRef:
|
||
kind: ClusterRole
|
||
name: rbd-csi-nodeplugin
|
||
apiGroup: rbac.authorization.k8s.io
|