github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/csi-hostpath-driver/templates/rbac/rbac-csi-health-monitor.yaml

github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/csi-hostpath-driver/templates/rbac/rbac-csi-health-monitor.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3  metadata:
     4    name: csi-external-health-monitor-{{ include "csi-hostpath-driver.fullname" . }}
     5    namespace: {{ .Release.Namespace }}
     6  
     7  ---
     8  # Health monitor controller must be able to work with PVs, PVCs, Nodes and Pods
     9  kind: ClusterRole
    10  apiVersion: rbac.authorization.k8s.io/v1
    11  metadata:
    12    name: external-health-monitor-runner-{{ include "csi-hostpath-driver.fullname" . }}
    13  rules:
    14    - apiGroups: [""]
    15      resources: ["persistentvolumes"]
    16      verbs: ["get", "list", "watch"]
    17    - apiGroups: [""]
    18      resources: ["persistentvolumeclaims"]
    19      verbs: ["get", "list", "watch"]
    20    - apiGroups: [""]
    21      resources: ["nodes"]
    22      verbs: ["get", "list", "watch"]
    23    - apiGroups: [""]
    24      resources: ["pods"]
    25      verbs: ["get", "list", "watch"]
    26    - apiGroups: [""]
    27      resources: ["events"]
    28      verbs: ["get", "list", "watch", "create", "patch"]
    29  
    30  ---
    31  kind: ClusterRoleBinding
    32  apiVersion: rbac.authorization.k8s.io/v1
    33  metadata:
    34    name: csi-external-health-monitor-role-{{ include "csi-hostpath-driver.fullname" . }}
    35  subjects:
    36    - kind: ServiceAccount
    37      name: csi-external-health-monitor-{{ include "csi-hostpath-driver.fullname" . }}
    38      namespace: {{ .Release.Namespace }}
    39  roleRef:
    40    kind: ClusterRole
    41    name: external-health-monitor-runner-{{ include "csi-hostpath-driver.fullname" . }}
    42    apiGroup: rbac.authorization.k8s.io
    43  
    44  ---
    45  # Health monitor controller must be able to work with configmaps or leases in the current namespace
    46  # if (and only if) leadership election is enabled
    47  kind: Role
    48  apiVersion: rbac.authorization.k8s.io/v1
    49  metadata:
    50    namespace: {{ .Release.Namespace }}
    51    name: external-health-monitor-cfg-{{ include "csi-hostpath-driver.fullname" . }}
    52  rules:
    53    - apiGroups: ["coordination.k8s.io"]
    54      resources: ["leases"]
    55      verbs: ["get", "watch", "list", "delete", "update", "create"]
    56  
    57  ---
    58  kind: RoleBinding
    59  apiVersion: rbac.authorization.k8s.io/v1
    60  metadata:
    61    name: csi-external-health-monitor-role-cfg-{{ include "csi-hostpath-driver.fullname" . }}
    62    namespace: {{ .Release.Namespace }}
    63  subjects:
    64    - kind: ServiceAccount
    65      name: csi-external-health-monitor-{{ include "csi-hostpath-driver.fullname" . }}
    66      namespace: {{ .Release.Namespace }}
    67  roleRef:
    68    kind: Role
    69    name: external-health-monitor-cfg-{{ include "csi-hostpath-driver.fullname" . }}
    70    apiGroup: rbac.authorization.k8s.io