k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/volumesnapshots/volume-snapshot-controller/rbac-volume-snapshot-controller.yaml (about) 1 # RBAC file for the volume snapshot controller. 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 name: volume-snapshot-controller 6 namespace: kube-system 7 labels: 8 kubernetes.io/cluster-service: "true" 9 addonmanager.kubernetes.io/mode: Reconcile 10 --- 11 kind: ClusterRole 12 apiVersion: rbac.authorization.k8s.io/v1 13 metadata: 14 # rename if there are conflicts 15 name: volume-snapshot-controller-runner 16 namespace: kube-system 17 labels: 18 kubernetes.io/cluster-service: "true" 19 addonmanager.kubernetes.io/mode: Reconcile 20 rules: 21 - apiGroups: [""] 22 resources: ["persistentvolumes"] 23 verbs: ["get", "list", "watch"] 24 - apiGroups: [""] 25 resources: ["persistentvolumeclaims"] 26 verbs: ["get", "list", "watch", "update"] 27 - apiGroups: ["storage.k8s.io"] 28 resources: ["storageclasses"] 29 verbs: ["get", "list", "watch"] 30 - apiGroups: [""] 31 resources: ["events"] 32 verbs: ["list", "watch", "create", "update", "patch"] 33 - apiGroups: ["snapshot.storage.k8s.io"] 34 resources: ["volumesnapshotclasses"] 35 verbs: ["get", "list", "watch"] 36 - apiGroups: ["snapshot.storage.k8s.io"] 37 resources: ["volumesnapshotcontents"] 38 verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] 39 - apiGroups: ["snapshot.storage.k8s.io"] 40 resources: ["volumesnapshots"] 41 verbs: ["get", "list", "watch", "update", "patch"] 42 - apiGroups: ["snapshot.storage.k8s.io"] 43 resources: ["volumesnapshots/status"] 44 verbs: ["update", "patch"] 45 - apiGroups: ["snapshot.storage.k8s.io"] 46 resources: ["volumesnapshotcontents/status"] 47 verbs: ["patch"] 48 - apiGroups: ["apiextensions.k8s.io"] 49 resources: ["customresourcedefinitions"] 50 verbs: ["create", "list", "watch", "delete", "get", "update"] 51 52 --- 53 kind: ClusterRoleBinding 54 apiVersion: rbac.authorization.k8s.io/v1 55 metadata: 56 name: volume-snapshot-controller-role 57 namespace: kube-system 58 labels: 59 addonmanager.kubernetes.io/mode: Reconcile 60 subjects: 61 - kind: ServiceAccount 62 name: volume-snapshot-controller 63 namespace: kube-system 64 roleRef: 65 kind: ClusterRole 66 # change the name also here if the ClusterRole gets renamed 67 name: volume-snapshot-controller-runner 68 apiGroup: rbac.authorization.k8s.io 69 70 --- 71 kind: Role 72 apiVersion: rbac.authorization.k8s.io/v1 73 metadata: 74 name: volume-snapshot-controller-leaderelection 75 namespace: kube-system 76 labels: 77 addonmanager.kubernetes.io/mode: Reconcile 78 rules: 79 - apiGroups: ["coordination.k8s.io"] 80 resources: ["leases"] 81 verbs: ["get", "watch", "list", "delete", "update", "create"] 82 83 --- 84 kind: RoleBinding 85 apiVersion: rbac.authorization.k8s.io/v1 86 metadata: 87 name: volume-snapshot-controller-leaderelection 88 namespace: kube-system 89 labels: 90 addonmanager.kubernetes.io/mode: Reconcile 91 subjects: 92 - kind: ServiceAccount 93 name: volume-snapshot-controller 94 namespace: kube-system 95 roleRef: 96 kind: Role 97 name: volume-snapshot-controller-leaderelection 98 apiGroup: rbac.authorization.k8s.io 99