richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5938 Commits
34 Branches
82 Tags
155 MiB
Tree: 0ac364dfae
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0ac364dfae'
${ noResults }
kubespray/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservi...

180 lines
4.7 KiB
Raw Normal View History

AWS EBS CSI implementation (#5549) * AWS EBS CSI implementation * Fixing image repos * Add OWNERS file * Fix expressions * Add csi-driver tag * Add AWS EBS prefix to variables * Add AWS EBS CSI Driver documentation
5 years ago
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776)
4 years ago
AWS EBS CSI implementation (#5549) * AWS EBS CSI implementation * Fixing image repos * Add OWNERS file * Fix expressions * Add csi-driver tag * Add AWS EBS prefix to variables * Add AWS EBS CSI Driver documentation
5 years ago
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776)
4 years ago
AWS EBS CSI implementation (#5549) * AWS EBS CSI implementation * Fixing image repos * Add OWNERS file * Fix expressions * Add csi-driver tag * Add AWS EBS prefix to variables * Add AWS EBS CSI Driver documentation
5 years ago
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776)
4 years ago
AWS EBS CSI implementation (#5549) * AWS EBS CSI implementation * Fixing image repos * Add OWNERS file * Fix expressions * Add csi-driver tag * Add AWS EBS prefix to variables * Add AWS EBS CSI Driver documentation
5 years ago
  1. # Controller Service
  2. apiVersion: v1
  3. kind: ServiceAccount
  4. metadata:
  5. name: ebs-csi-controller-sa
  6. namespace: kube-system
  8. ---
  10. kind: ClusterRole
  11. apiVersion: rbac.authorization.k8s.io/v1
  12. metadata:
  13. name: ebs-external-provisioner-role
  14. rules:
  15. - apiGroups: [""]
  16. resources: ["persistentvolumes"]
  17. verbs: ["list", "watch", "create", "delete"]
  18. - apiGroups: [""]
  19. resources: ["persistentvolumeclaims"]
  20. verbs: ["get", "list", "watch", "update"]
  21. - apiGroups: ["storage.k8s.io"]
  22. resources: ["storageclasses"]
  23. verbs: ["get", "list", "watch"]
  24. - apiGroups: [""]
  25. resources: ["events"]
  26. verbs: ["get", "list", "watch", "create", "update", "patch"]
  27. - apiGroups: ["storage.k8s.io"]
  28. resources: ["csinodes"]
  29. verbs: ["get", "list", "watch"]
  30. - apiGroups: [""]
  31. resources: ["nodes"]
  32. verbs: ["get", "list", "watch"]
  33. - apiGroups: ["coordination.k8s.io"]
  34. resources: ["leases"]
  35. verbs: ["get", "watch", "list", "delete", "update", "create"]
  37. ---
  39. kind: ClusterRoleBinding
  40. apiVersion: rbac.authorization.k8s.io/v1
  41. metadata:
  42. name: ebs-csi-provisioner-binding
  43. subjects:
  44. - kind: ServiceAccount
  45. name: ebs-csi-controller-sa
  46. namespace: kube-system
  47. roleRef:
  48. kind: ClusterRole
  49. name: ebs-external-provisioner-role
  50. apiGroup: rbac.authorization.k8s.io
  52. ---
  54. # The permissions in this ClusterRole are tightly coupled with the version of csi-attacher used. More information about this can be found in kubernetes-csi/external-attacher.
  55. kind: ClusterRole
  56. apiVersion: rbac.authorization.k8s.io/v1
  57. metadata:
  58. name: ebs-external-attacher-role
  59. rules:
  60. - apiGroups: [""]
  61. resources: ["persistentvolumes"]
  62. verbs: ["get", "list", "watch", "patch"]
  63. - apiGroups: ["storage.k8s.io"]
  64. resources: ["csinodes"]
  65. verbs: ["get", "list", "watch"]
  66. - apiGroups: ["storage.k8s.io"]
  67. resources: ["volumeattachments"]
  68. verbs: ["get", "list", "watch", "patch"]
  69. - apiGroups: ["storage.k8s.io"]
  70. resources: ["volumeattachments/status"]
  71. verbs: ["patch"]
  73. ---
  75. kind: ClusterRoleBinding
  76. apiVersion: rbac.authorization.k8s.io/v1
  77. metadata:
  78. name: ebs-csi-attacher-binding
  79. subjects:
  80. - kind: ServiceAccount
  81. name: ebs-csi-controller-sa
  82. namespace: kube-system
  83. roleRef:
  84. kind: ClusterRole
  85. name: ebs-external-attacher-role
  86. apiGroup: rbac.authorization.k8s.io
  88. {% if aws_ebs_csi_enable_volume_snapshot %}
  89. ---
  91. kind: ClusterRole
  92. apiVersion: rbac.authorization.k8s.io/v1
  93. metadata:
  94. name: ebs-external-snapshotter-role
  95. rules:
  96. - apiGroups: [""]
  97. resources: ["persistentvolumes"]
  98. verbs: ["get", "list", "watch"]
  99. - apiGroups: [""]
  100. resources: ["persistentvolumeclaims"]
  101. verbs: ["get", "list", "watch"]
  102. - apiGroups: ["storage.k8s.io"]
  103. resources: ["storageclasses"]
  104. verbs: ["get", "list", "watch"]
  105. - apiGroups: [""]
  106. resources: ["events"]
  107. verbs: ["list", "watch", "create", "update", "patch"]
  108. - apiGroups: [""]
  109. resources: ["secrets"]
  110. verbs: ["get", "list"]
  111. - apiGroups: ["snapshot.storage.k8s.io"]
  112. resources: ["volumesnapshotclasses"]
  113. verbs: ["get", "list", "watch"]
  114. - apiGroups: ["snapshot.storage.k8s.io"]
  115. resources: ["volumesnapshotcontents"]
  116. verbs: ["create", "get", "list", "watch", "update", "delete"]
  117. - apiGroups: ["snapshot.storage.k8s.io"]
  118. resources: ["volumesnapshots"]
  119. verbs: ["get", "list", "watch", "update"]
  120. - apiGroups: ["apiextensions.k8s.io"]
  121. resources: ["customresourcedefinitions"]
  122. verbs: ["create", "list", "watch", "delete"]
  124. ---
  126. kind: ClusterRoleBinding
  127. apiVersion: rbac.authorization.k8s.io/v1
  128. metadata:
  129. name: ebs-csi-snapshotter-binding
  130. subjects:
  131. - kind: ServiceAccount
  132. name: ebs-csi-controller-sa
  133. namespace: kube-system
  134. roleRef:
  135. kind: ClusterRole
  136. name: ebs-external-snapshotter-role
  137. apiGroup: rbac.authorization.k8s.io
  139. {% endif %}
  141. {% if aws_ebs_csi_enable_volume_resizing %}
  142. ---
  144. kind: ClusterRole
  145. apiVersion: rbac.authorization.k8s.io/v1
  146. metadata:
  147. name: ebs-external-resizer-role
  148. rules:
  149. - apiGroups: [""]
  150. resources: ["persistentvolumes"]
  151. verbs: ["get", "list", "watch", "update", "patch"]
  152. - apiGroups: [""]
  153. resources: ["persistentvolumeclaims"]
  154. verbs: ["get", "list", "watch"]
  155. - apiGroups: [""]
  156. resources: ["persistentvolumeclaims/status"]
  157. verbs: ["update", "patch"]
  158. - apiGroups: ["storage.k8s.io"]
  159. resources: ["storageclasses"]
  160. verbs: ["get", "list", "watch"]
  161. - apiGroups: [""]
  162. resources: ["events"]
  163. verbs: ["list", "watch", "create", "update", "patch"]
  165. ---
  167. kind: ClusterRoleBinding
  168. apiVersion: rbac.authorization.k8s.io/v1
  169. metadata:
  170. name: ebs-csi-resizer-binding
  171. subjects:
  172. - kind: ServiceAccount
  173. name: ebs-csi-controller-sa
  174. namespace: kube-system
  175. roleRef:
  176. kind: ClusterRole
  177. name: ebs-external-resizer-role
  178. apiGroup: rbac.authorization.k8s.io
  180. {% endif %}