richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7851 Commits
34 Branches
82 Tags
155 MiB
Tree: a2a2dfa419
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a2a2dfa419'
${ noResults }
kubespray/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-setup.yml.j2

248 lines
6.6 KiB
Raw Normal View History

UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
Upgrade upcloud csi driver to v1.1.0 and add snapshot features (#11303)
8 months ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
upcloud csi driver: bump version to v0.3.3 (#9317)
2 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
pre-commit autocorrected files (#9750)
2 years ago
Upgrade upcloud csi driver to v1.1.0 and add snapshot features (#11303)
8 months ago
  1. kind: ServiceAccount
  2. apiVersion: v1
  3. metadata:
  4. name: csi-upcloud-controller-sa
  5. namespace: kube-system
  7. ---
  9. apiVersion: v1
  10. kind: ServiceAccount
  11. metadata:
  12. name: csi-upcloud-node-sa
  13. namespace: kube-system
  15. ---
  16. kind: ClusterRole
  17. apiVersion: rbac.authorization.k8s.io/v1
  18. metadata:
  19. name: csi-upcloud-node-driver-registrar-role
  20. namespace: kube-system
  21. rules:
  22. - apiGroups: [ "" ]
  23. resources: [ "events" ]
  24. verbs: [ "get", "list", "watch", "create", "update", "patch" ]
  26. ---
  27. kind: ClusterRoleBinding
  28. apiVersion: rbac.authorization.k8s.io/v1
  29. metadata:
  30. name: csi-upcloud-node-driver-registrar-binding
  31. subjects:
  32. - kind: ServiceAccount
  33. name: csi-upcloud-node-sa
  34. namespace: kube-system
  35. roleRef:
  36. kind: ClusterRole
  37. name: csi-upcloud-node-driver-registrar-role
  38. apiGroup: rbac.authorization.k8s.io
  40. ---
  42. kind: ClusterRole
  43. apiVersion: rbac.authorization.k8s.io/v1
  44. metadata:
  45. name: csi-upcloud-provisioner-role
  46. rules:
  47. - apiGroups: [ "" ]
  48. resources: [ "secrets" ]
  49. verbs: [ "get", "list" ]
  50. - apiGroups: [ "" ]
  51. resources: [ "persistentvolumes" ]
  52. verbs: [ "get", "list", "watch", "create", "delete" ]
  53. - apiGroups: [ "" ]
  54. resources: [ "persistentvolumeclaims" ]
  55. verbs: [ "get", "list", "watch", "update" ]
  56. - apiGroups: [ "storage.k8s.io" ]
  57. resources: [ "storageclasses" ]
  58. verbs: [ "get", "list", "watch" ]
  59. - apiGroups: [ "storage.k8s.io" ]
  60. resources: [ "csinodes" ]
  61. verbs: [ "get", "list", "watch" ]
  62. - apiGroups: [ "" ]
  63. resources: [ "events" ]
  64. verbs: [ "list", "watch", "create", "update", "patch" ]
  65. - apiGroups: ["snapshot.storage.k8s.io"]
  66. resources: ["volumesnapshotclasses"]
  67. verbs: ["get", "list", "watch"]
  68. - apiGroups: ["snapshot.storage.k8s.io"]
  69. resources: ["volumesnapshotcontents"]
  70. verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  71. - apiGroups: ["snapshot.storage.k8s.io"]
  72. resources: ["volumesnapshotcontents/status"]
  73. verbs: ["update"]
  74. - apiGroups: [ "snapshot.storage.k8s.io" ]
  75. resources: [ "volumesnapshots" ]
  76. verbs: [ "get", "list" ]
  77. - apiGroups: [ "" ]
  78. resources: [ "nodes" ]
  79. verbs: [ "get", "list", "watch" ]
  81. ---
  82. kind: ClusterRoleBinding
  83. apiVersion: rbac.authorization.k8s.io/v1
  84. metadata:
  85. name: csi-upcloud-provisioner-binding
  86. subjects:
  87. - kind: ServiceAccount
  88. name: csi-upcloud-controller-sa
  89. namespace: kube-system
  90. roleRef:
  91. kind: ClusterRole
  92. name: csi-upcloud-provisioner-role
  93. apiGroup: rbac.authorization.k8s.io
  95. ---
  96. # Attacher must be able to work with PVs, nodes and VolumeAttachments
  97. kind: ClusterRole
  98. apiVersion: rbac.authorization.k8s.io/v1
  99. metadata:
  100. name: csi-upcloud-attacher-role
  101. rules:
  102. - apiGroups: [ "" ]
  103. resources: [ "persistentvolumes" ]
  104. verbs: [ "get", "list", "watch", "update", "patch" ]
  105. - apiGroups: [ "" ]
  106. resources: [ "nodes" ]
  107. verbs: [ "get", "list", "watch" ]
  108. - apiGroups: [ "storage.k8s.io" ]
  109. resources: [ "csinodes" ]
  110. verbs: [ "get", "list", "watch" ]
  111. - apiGroups: [ "storage.k8s.io" ]
  112. resources: [ "volumeattachments" ]
  113. verbs: [ "get", "list", "watch", "update", "patch" ]
  114. - apiGroups: [ "storage.k8s.io" ]
  115. resources: [ "volumeattachments/status" ]
  116. verbs: [ "get", "list", "watch", "update", "patch" ]
  118. ---
  119. kind: ClusterRoleBinding
  120. apiVersion: rbac.authorization.k8s.io/v1
  121. metadata:
  122. name: csi-upcloud-attacher-binding
  123. subjects:
  124. - kind: ServiceAccount
  125. name: csi-upcloud-controller-sa
  126. namespace: kube-system
  127. roleRef:
  128. kind: ClusterRole
  129. name: csi-upcloud-attacher-role
  130. apiGroup: rbac.authorization.k8s.io
  132. ---
  133. # Provisioner must be able to work with endpoints and leases in current namespace
  134. # if (and only if) leadership election is enabled
  135. kind: Role
  136. apiVersion: rbac.authorization.k8s.io/v1
  137. metadata:
  138. namespace: kube-system
  139. name: csi-upcloud-provisioner-cfg-role
  140. rules:
  141. - apiGroups: [""]
  142. resources: ["endpoints"]
  143. verbs: ["get", "watch", "list", "delete", "update", "create"]
  144. - apiGroups: ["coordination.k8s.io"]
  145. resources: ["leases"]
  146. verbs: ["get", "watch", "list", "delete", "update", "create"]
  148. ---
  149. kind: RoleBinding
  150. apiVersion: rbac.authorization.k8s.io/v1
  151. metadata:
  152. name: csi-provisioner-role-cfg-binding
  153. namespace: kube-system
  154. subjects:
  155. - kind: ServiceAccount
  156. name: csi-upcloud-controller-sa
  157. namespace: kube-system
  158. roleRef:
  159. kind: Role
  160. name: csi-upcloud-provisioner-cfg-role
  161. apiGroup: rbac.authorization.k8s.io
  163. ---
  164. kind: ClusterRole
  165. apiVersion: rbac.authorization.k8s.io/v1
  166. metadata:
  167. name: csi-upcloud-resizer-role
  168. rules:
  169. - apiGroups: [ "" ]
  170. resources: [ "persistentvolumes" ]
  171. verbs: [ "get", "list", "watch", "update", "patch" ]
  172. - apiGroups: [ "" ]
  173. resources: [ "persistentvolumeclaims" ]
  174. verbs: [ "get", "list", "watch" ]
  175. - apiGroups: [ "" ]
  176. resources: [ "persistentvolumeclaims/status" ]
  177. verbs: [ "update", "patch" ]
  178. - apiGroups: [ "" ]
  179. resources: [ "events" ]
  180. verbs: [ "list", "watch", "create", "update", "patch" ]
  181. - apiGroups: [ "" ]
  182. resources: [ "pods" ]
  183. verbs: [ "watch", "list" ]
  185. ---
  186. kind: ClusterRoleBinding
  187. apiVersion: rbac.authorization.k8s.io/v1
  188. metadata:
  189. name: csi-upcloud-resizer-binding
  190. subjects:
  191. - kind: ServiceAccount
  192. name: csi-upcloud-controller-sa
  193. namespace: kube-system
  194. roleRef:
  195. kind: ClusterRole
  196. name: csi-upcloud-resizer-role
  197. apiGroup: rbac.authorization.k8s.io
  199. ---
  200. kind: ClusterRole
  201. apiVersion: rbac.authorization.k8s.io/v1
  202. metadata:
  203. name: csi-upcloud-snapshotter-role
  204. rules:
  205. - apiGroups: [""]
  206. resources: ["secrets"]
  207. verbs: ["get", "list"]
  208. - apiGroups: [""]
  209. resources: ["persistentvolumes"]
  210. verbs: ["get", "list", "watch", "create", "delete"]
  211. - apiGroups: [""]
  212. resources: ["persistentvolumeclaims"]
  213. verbs: ["get", "list", "watch", "update"]
  214. - apiGroups: ["storage.k8s.io"]
  215. resources: ["storageclasses"]
  216. verbs: ["get", "list", "watch"]
  217. - apiGroups: [""]
  218. resources: ["events"]
  219. verbs: ["list", "watch", "create", "update", "patch"]
  220. - apiGroups: ["snapshot.storage.k8s.io"]
  221. resources: ["volumesnapshots"]
  222. verbs: ["get", "list"]
  223. - apiGroups: ["snapshot.storage.k8s.io"]
  224. resources: ["volumesnapshotcontents"]
  225. verbs: ["get", "list"]
  226. - apiGroups: ["storage.k8s.io"]
  227. resources: ["csinodes"]
  228. verbs: ["get", "list", "watch"]
  229. - apiGroups: [""]
  230. resources: ["nodes"]
  231. verbs: ["get", "list", "watch"]
  232. - apiGroups: ["storage.k8s.io"]
  233. resources: ["volumeattachments"]
  234. verbs: ["get", "list", "watch"]
  236. ---
  237. kind: ClusterRoleBinding
  238. apiVersion: rbac.authorization.k8s.io/v1
  239. metadata:
  240. name: csi-upcloud-snapshotter-binding
  241. subjects:
  242. - kind: ServiceAccount
  243. name: csi-upcloud-controller-sa
  244. namespace: kube-system
  245. roleRef:
  246. kind: ClusterRole
  247. name: csi-upcloud-snapshotter-role
  248. apiGroup: rbac.authorization.k8s.io