richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5763 Commits
33 Branches
82 Tags
153 MiB
Tree: ae3a1d7c01
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ae3a1d7c01'
${ noResults }
kubespray/roles/kubernetes-apps/snapshots/snapshot-controller/templates/rbac-snapshot-controller.ym...

85 lines
2.4 KiB
Raw Normal View History

Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537) * add snapshot-controller and v1beta1 snapshot api * fix typo * udpate manifest to v1beta1 * update * update manifests * fix spelling * wait until crd is applied * fix missing info in kube module * revert snapshotclass * add snapshot crds before applying the csi driver * add crds, missed them in last commit * use pull policy from kubespray
4 years ago
  1. # RBAC file for the snapshot controller.
  2. #
  3. # The snapshot controller implements the control loop for CSI snapshot functionality.
  4. # It should be installed as part of the base Kubernetes distribution in an appropriate
  5. # namespace for components implementing base system functionality. For installing with
  6. # Vanilla Kubernetes, kube-system makes sense for the namespace.
  8. apiVersion: v1
  9. kind: ServiceAccount
  10. metadata:
  11. name: snapshot-controller
  12. namespace: kube-system
  14. ---
  15. kind: ClusterRole
  16. apiVersion: rbac.authorization.k8s.io/v1
  17. metadata:
  18. # rename if there are conflicts
  19. name: snapshot-controller-runner
  20. rules:
  21. - apiGroups: [""]
  22. resources: ["persistentvolumes"]
  23. verbs: ["get", "list", "watch"]
  24. - apiGroups: [""]
  25. resources: ["persistentvolumeclaims"]
  26. verbs: ["get", "list", "watch", "update"]
  27. - apiGroups: ["storage.k8s.io"]
  28. resources: ["storageclasses"]
  29. verbs: ["get", "list", "watch"]
  30. - apiGroups: [""]
  31. resources: ["events"]
  32. verbs: ["list", "watch", "create", "update", "patch"]
  33. - apiGroups: ["snapshot.storage.k8s.io"]
  34. resources: ["volumesnapshotclasses"]
  35. verbs: ["get", "list", "watch"]
  36. - apiGroups: ["snapshot.storage.k8s.io"]
  37. resources: ["volumesnapshotcontents"]
  38. verbs: ["create", "get", "list", "watch", "update", "delete"]
  39. - apiGroups: ["snapshot.storage.k8s.io"]
  40. resources: ["volumesnapshots"]
  41. verbs: ["get", "list", "watch", "update"]
  42. - apiGroups: ["snapshot.storage.k8s.io"]
  43. resources: ["volumesnapshots/status"]
  44. verbs: ["update"]
  46. ---
  47. kind: ClusterRoleBinding
  48. apiVersion: rbac.authorization.k8s.io/v1
  49. metadata:
  50. name: snapshot-controller-role
  51. subjects:
  52. - kind: ServiceAccount
  53. name: snapshot-controller
  54. namespace: kube-system
  55. roleRef:
  56. kind: ClusterRole
  57. # change the name also here if the ClusterRole gets renamed
  58. name: snapshot-controller-runner
  59. apiGroup: rbac.authorization.k8s.io
  61. ---
  62. kind: Role
  63. apiVersion: rbac.authorization.k8s.io/v1
  64. metadata:
  65. namespace: kube-system
  66. name: snapshot-controller-leaderelection
  67. rules:
  68. - apiGroups: ["coordination.k8s.io"]
  69. resources: ["leases"]
  70. verbs: ["get", "watch", "list", "delete", "update", "create"]
  72. ---
  73. kind: RoleBinding
  74. apiVersion: rbac.authorization.k8s.io/v1
  75. metadata:
  76. name: snapshot-controller-leaderelection
  77. namespace: kube-system
  78. subjects:
  79. - kind: ServiceAccount
  80. name: snapshot-controller
  81. namespace: kube-system
  82. roleRef:
  83. kind: Role
  84. name: snapshot-controller-leaderelection
  85. apiGroup: rbac.authorization.k8s.io