  1. kind: ServiceAccount
  2. apiVersion: v1
  3. metadata:
  4. name: vsphere-csi-controller
  5. namespace: kube-system
  6. ---
  7. kind: ClusterRole
  8. apiVersion: rbac.authorization.k8s.io/v1
  9. metadata:
  10. name: vsphere-csi-controller-role
  11. rules:
  12. - apiGroups: [""]
  13. resources: ["nodes", "persistentvolumeclaims", "pods", "configmaps"]
  14. verbs: ["get", "list", "watch"]
  15. {% if external_vsphere_version >= "7.0" %}
  16. - apiGroups: [""]
  17. resources: ["persistentvolumeclaims/status"]
  18. {% if external_vsphere_version >= "7.0u1" %}
  19. verbs: ["patch"]
  20. {% else %}
  21. verbs: ["update", "patch"]
  22. {% endif %}
  23. {% endif %}
  24. - apiGroups: [""]
  25. resources: ["persistentvolumes"]
  26. verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
  27. - apiGroups: [""]
  28. resources: ["events"]
  29. verbs: ["get", "list", "watch", "create", "update", "patch"]
  30. {% if vsphere_csi_controller is version('v2.0.0', '>=') %}
  31. - apiGroups: ["coordination.k8s.io"]
  32. resources: ["leases"]
  33. verbs: ["get", "watch", "list", "delete", "update", "create"]
  34. {% endif %}
  35. - apiGroups: ["storage.k8s.io"]
  36. resources: ["storageclasses","csinodes"]
  37. verbs: ["get", "list", "watch"]
  38. - apiGroups: ["storage.k8s.io"]
  39. resources: ["volumeattachments"]
  40. verbs: ["get", "list", "watch", "patch"]
  41. {% if external_vsphere_version >= "7.0u1" %}
  42. - apiGroups: ["cns.vmware.com"]
  43. resources: ["cnsvspherevolumemigrations"]
  44. verbs: ["create", "get", "list", "watch", "update", "delete"]
  45. - apiGroups: ["apiextensions.k8s.io"]
  46. resources: ["customresourcedefinitions"]
  47. verbs: ["get", "create"]
  48. {% endif %}
  49. {% if vsphere_csi_controller is version('v2.0.0', '>=') %}
  50. - apiGroups: ["storage.k8s.io"]
  51. resources: ["volumeattachments/status"]
  52. verbs: ["patch"]
  53. {% endif %}
  54. ---
  55. kind: ClusterRoleBinding
  56. apiVersion: rbac.authorization.k8s.io/v1
  57. metadata:
  58. name: vsphere-csi-controller-binding
  59. subjects:
  60. - kind: ServiceAccount
  61. name: vsphere-csi-controller
  62. namespace: kube-system
  63. roleRef:
  64. kind: ClusterRole
  65. name: vsphere-csi-controller-role
  66. apiGroup: rbac.authorization.k8s.io