richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5763 Commits
33 Branches
82 Tags
153 MiB
Tree: ae3a1d7c01
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ae3a1d7c01'
${ noResults }
kubespray/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin...

212 lines
5.5 KiB
Raw Normal View History

Deploy Cinder CSI driver to provision volumes over OpenStack (#5184) * Deploy Cinder CSI driver to provision volumes over OpenStack * Deploy Cinder CSI StorageClass * Cinder CSI doc
5 years ago
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537) * add snapshot-controller and v1beta1 snapshot api * fix typo * udpate manifest to v1beta1 * update * update manifests * fix spelling * wait until crd is applied * fix missing info in kube module * revert snapshotclass * add snapshot crds before applying the csi driver * add crds, missed them in last commit * use pull policy from kubespray
4 years ago
Deploy Cinder CSI driver to provision volumes over OpenStack (#5184) * Deploy Cinder CSI driver to provision volumes over OpenStack * Deploy Cinder CSI StorageClass * Cinder CSI doc
5 years ago
update cinder csi manifests (#6434)
4 years ago
Deploy Cinder CSI driver to provision volumes over OpenStack (#5184) * Deploy Cinder CSI driver to provision volumes over OpenStack * Deploy Cinder CSI StorageClass * Cinder CSI doc
5 years ago
update cinder csi manifests (#6434)
4 years ago
Deploy Cinder CSI driver to provision volumes over OpenStack (#5184) * Deploy Cinder CSI driver to provision volumes over OpenStack * Deploy Cinder CSI StorageClass * Cinder CSI doc
5 years ago
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537) * add snapshot-controller and v1beta1 snapshot api * fix typo * udpate manifest to v1beta1 * update * update manifests * fix spelling * wait until crd is applied * fix missing info in kube module * revert snapshotclass * add snapshot crds before applying the csi driver * add crds, missed them in last commit * use pull policy from kubespray
4 years ago
Deploy Cinder CSI driver to provision volumes over OpenStack (#5184) * Deploy Cinder CSI driver to provision volumes over OpenStack * Deploy Cinder CSI StorageClass * Cinder CSI doc
5 years ago
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537) * add snapshot-controller and v1beta1 snapshot api * fix typo * udpate manifest to v1beta1 * update * update manifests * fix spelling * wait until crd is applied * fix missing info in kube module * revert snapshotclass * add snapshot crds before applying the csi driver * add crds, missed them in last commit * use pull policy from kubespray
4 years ago
  1. # This YAML file contains RBAC API objects,
  2. # which are necessary to run csi controller plugin
  4. apiVersion: v1
  5. kind: ServiceAccount
  6. metadata:
  7. name: csi-cinder-controller-sa
  8. namespace: kube-system
  10. ---
  11. # external attacher
  12. kind: ClusterRole
  13. apiVersion: rbac.authorization.k8s.io/v1
  14. metadata:
  15. name: csi-attacher-role
  16. rules:
  17. - apiGroups: [""]
  18. resources: ["persistentvolumes"]
  19. verbs: ["get", "list", "watch", "update", "patch"]
  20. - apiGroups: [""]
  21. resources: ["nodes"]
  22. verbs: ["get", "list", "watch"]
  23. - apiGroups: ["storage.k8s.io"]
  24. resources: ["volumeattachments"]
  25. verbs: ["get", "list", "watch", "update", "patch"]
  26. - apiGroups: ["storage.k8s.io"]
  27. resources: ["csinodes"]
  28. verbs: ["get", "list", "watch"]
  31. ---
  32. kind: ClusterRoleBinding
  33. apiVersion: rbac.authorization.k8s.io/v1
  34. metadata:
  35. name: csi-attacher-binding
  36. subjects:
  37. - kind: ServiceAccount
  38. name: csi-cinder-controller-sa
  39. namespace: kube-system
  40. roleRef:
  41. kind: ClusterRole
  42. name: csi-attacher-role
  43. apiGroup: rbac.authorization.k8s.io
  45. ---
  46. # external Provisioner
  47. kind: ClusterRole
  48. apiVersion: rbac.authorization.k8s.io/v1
  49. metadata:
  50. name: csi-provisioner-role
  51. rules:
  52. - apiGroups: [""]
  53. resources: ["persistentvolumes"]
  54. verbs: ["get", "list", "watch", "create", "delete"]
  55. - apiGroups: [""]
  56. resources: ["persistentvolumeclaims"]
  57. verbs: ["get", "list", "watch", "update"]
  58. - apiGroups: ["storage.k8s.io"]
  59. resources: ["storageclasses"]
  60. verbs: ["get", "list", "watch"]
  61. - apiGroups: [""]
  62. resources: ["nodes"]
  63. verbs: ["get", "list", "watch"]
  64. - apiGroups: ["storage.k8s.io"]
  65. resources: ["csinodes"]
  66. verbs: ["get", "list", "watch"]
  67. - apiGroups: [""]
  68. resources: ["events"]
  69. verbs: ["list", "watch", "create", "update", "patch"]
  70. - apiGroups: ["snapshot.storage.k8s.io"]
  71. resources: ["volumesnapshots"]
  72. verbs: ["get", "list"]
  73. - apiGroups: ["snapshot.storage.k8s.io"]
  74. resources: ["volumesnapshotcontents"]
  75. verbs: ["get", "list"]
  77. ---
  78. kind: ClusterRoleBinding
  79. apiVersion: rbac.authorization.k8s.io/v1
  80. metadata:
  81. name: csi-provisioner-binding
  82. subjects:
  83. - kind: ServiceAccount
  84. name: csi-cinder-controller-sa
  85. namespace: kube-system
  86. roleRef:
  87. kind: ClusterRole
  88. name: csi-provisioner-role
  89. apiGroup: rbac.authorization.k8s.io
  91. ---
  92. # external snapshotter
  93. kind: ClusterRole
  94. apiVersion: rbac.authorization.k8s.io/v1
  95. metadata:
  96. name: csi-snapshotter-role
  97. rules:
  98. - apiGroups: [""]
  99. resources: ["persistentvolumes"]
  100. verbs: ["get", "list", "watch"]
  101. - apiGroups: [""]
  102. resources: ["persistentvolumeclaims"]
  103. verbs: ["get", "list", "watch"]
  104. - apiGroups: ["storage.k8s.io"]
  105. resources: ["storageclasses"]
  106. verbs: ["get", "list", "watch"]
  107. - apiGroups: [""]
  108. resources: ["events"]
  109. verbs: ["list", "watch", "create", "update", "patch"]
  110. - apiGroups: [""]
  111. resources: ["secrets"]
  112. verbs: ["get", "list"]
  113. - apiGroups: ["snapshot.storage.k8s.io"]
  114. resources: ["volumesnapshotclasses"]
  115. verbs: ["get", "list", "watch"]
  116. - apiGroups: ["snapshot.storage.k8s.io"]
  117. resources: ["volumesnapshotcontents"]
  118. verbs: ["create", "get", "list", "watch", "update", "delete"]
  119. - apiGroups: ["snapshot.storage.k8s.io"]
  120. resources: ["volumesnapshots"]
  121. verbs: ["get", "list", "watch", "update"]
  122. - apiGroups: ["snapshot.storage.k8s.io"]
  123. resources: ["volumesnapshots/status"]
  124. verbs: ["update"]
  125. - apiGroups: ["snapshot.storage.k8s.io"]
  126. resources: ["volumesnapshotcontents/status"]
  127. verbs: ["update"]
  128. - apiGroups: ["apiextensions.k8s.io"]
  129. resources: ["customresourcedefinitions"]
  130. verbs: ["create", "list", "watch", "delete"]
  132. ---
  133. kind: ClusterRoleBinding
  134. apiVersion: rbac.authorization.k8s.io/v1
  135. metadata:
  136. name: csi-snapshotter-binding
  137. subjects:
  138. - kind: ServiceAccount
  139. name: csi-cinder-controller-sa
  140. namespace: kube-system
  141. roleRef:
  142. kind: ClusterRole
  143. name: csi-snapshotter-role
  144. apiGroup: rbac.authorization.k8s.io
  145. ---
  147. # External Resizer
  148. kind: ClusterRole
  149. apiVersion: rbac.authorization.k8s.io/v1
  150. metadata:
  151. name: csi-resizer-role
  152. rules:
  153. # The following rule should be uncommented for plugins that require secrets
  154. # for provisioning.
  155. # - apiGroups: [""]
  156. # resources: ["secrets"]
  157. # verbs: ["get", "list", "watch"]
  158. - apiGroups: [""]
  159. resources: ["persistentvolumes"]
  160. verbs: ["get", "list", "watch", "update", "patch"]
  161. - apiGroups: [""]
  162. resources: ["persistentvolumeclaims"]
  163. verbs: ["get", "list", "watch"]
  164. - apiGroups: [""]
  165. resources: ["persistentvolumeclaims/status"]
  166. verbs: ["update", "patch"]
  167. - apiGroups: ["storage.k8s.io"]
  168. resources: ["storageclasses"]
  169. verbs: ["get", "list", "watch"]
  170. - apiGroups: [""]
  171. resources: ["events"]
  172. verbs: ["list", "watch", "create", "update", "patch"]
  174. ---
  175. kind: ClusterRoleBinding
  176. apiVersion: rbac.authorization.k8s.io/v1
  177. metadata:
  178. name: csi-resizer-binding
  179. subjects:
  180. - kind: ServiceAccount
  181. name: csi-cinder-controller-sa
  182. namespace: kube-system
  183. roleRef:
  184. kind: ClusterRole
  185. name: csi-resizer-role
  186. apiGroup: rbac.authorization.k8s.io
  188. ---
  189. kind: Role
  190. apiVersion: rbac.authorization.k8s.io/v1
  191. metadata:
  192. namespace: kube-system
  193. name: external-resizer-cfg
  194. rules:
  195. - apiGroups: ["coordination.k8s.io"]
  196. resources: ["leases"]
  197. verbs: ["get", "watch", "list", "delete", "update", "create"]
  199. ---
  200. kind: RoleBinding
  201. apiVersion: rbac.authorization.k8s.io/v1
  202. metadata:
  203. name: csi-resizer-role-cfg
  204. namespace: kube-system
  205. subjects:
  206. - kind: ServiceAccount
  207. name: csi-cinder-controller-sa
  208. namespace: kube-system
  209. roleRef:
  210. kind: Role
  211. name: external-resizer-cfg
  212. apiGroup: rbac.authorization.k8s.io