github.com/openebs/node-disk-manager@v1.9.1-0.20230225014141-4531f06ffa1e/deploy/helm/charts/templates/rbac.yaml

github.com/openebs/node-disk-manager@v1.9.1-0.20230225014141-4531f06ffa1e/deploy/helm/charts/templates/rbac.yaml (about)

     1  {{- if .Values.serviceAccount.create -}}
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    name: {{ include "openebs-ndm.serviceAccountName" . }}
     6  {{- end }}
     7  ---
     8  kind: ClusterRole
     9  apiVersion: rbac.authorization.k8s.io/v1
    10  metadata:
    11    name: {{ include "openebs-ndm.fullname" . }}
    12  rules:
    13    - apiGroups: ["*"]
    14      resources: ["nodes", "pods", "events", "configmaps", "jobs"]
    15      verbs:
    16        - '*'
    17    - apiGroups: ["apiextensions.k8s.io"]
    18      resources: ["customresourcedefinitions"]
    19      verbs:
    20        - '*'
    21    - apiGroups:
    22        - openebs.io
    23      resources:
    24        - blockdevices
    25        - blockdeviceclaims
    26      verbs:
    27        - '*'
    28  ---
    29  kind: ClusterRoleBinding
    30  apiVersion: rbac.authorization.k8s.io/v1
    31  metadata:
    32    name: {{ include "openebs-ndm.fullname" . }}
    33  subjects:
    34    - kind: ServiceAccount
    35      name: {{ include "openebs-ndm.serviceAccountName" . }}
    36      namespace: {{ .Release.Namespace }}
    37    - kind: User
    38      name: system:serviceaccount:default:default
    39      apiGroup: rbac.authorization.k8s.io
    40  roleRef:
    41    kind: ClusterRole
    42    name: {{ include "openebs-ndm.fullname" . }}
    43    apiGroup: rbac.authorization.k8s.io
    44  ---