sigs.k8s.io/azuredisk-csi-driver@v1.30.1/deploy/v2.0.0-beta.4/rbac-csi-azuredisk-controller.yaml

sigs.k8s.io/azuredisk-csi-driver@v1.30.1/deploy/v2.0.0-beta.4/rbac-csi-azuredisk-controller.yaml (about)

     1  ---
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    name: csi-azuredisk-controller-sa
     6    namespace: kube-system
     7  ---
     8  
     9  kind: ClusterRole
    10  apiVersion: rbac.authorization.k8s.io/v1
    11  metadata:
    12    name: azuredisk-external-provisioner-role
    13  rules:
    14    - apiGroups: [""]
    15      resources: ["persistentvolumes"]
    16      verbs: ["get", "list", "watch", "create", "delete"]
    17    - apiGroups: [""]
    18      resources: ["persistentvolumeclaims"]
    19      verbs: ["get", "list", "watch", "update"]
    20    - apiGroups: ["storage.k8s.io"]
    21      resources: ["storageclasses"]
    22      verbs: ["get", "list", "watch"]
    23    - apiGroups: [""]
    24      resources: ["events"]
    25      verbs: ["get", "list", "watch", "create", "update", "patch"]
    26    - apiGroups: ["storage.k8s.io"]
    27      resources: ["csinodes"]
    28      verbs: ["get", "list", "watch"]
    29    - apiGroups: [""]
    30      resources: ["nodes"]
    31      verbs: ["get", "list", "watch"]
    32    - apiGroups: ["coordination.k8s.io"]
    33      resources: ["leases"]
    34      verbs: ["get", "list", "watch", "create", "update", "patch"]
    35    - apiGroups: ["snapshot.storage.k8s.io"]
    36      resources: ["volumesnapshots"]
    37      verbs: ["get", "list"]
    38    - apiGroups: ["snapshot.storage.k8s.io"]
    39      resources: ["volumesnapshotcontents"]
    40      verbs: ["get", "list"]
    41    - apiGroups: ["disk.csi.azure.com"]
    42      resources: ["azdrivernodes", "azvolumeattachments", "azvolumes"]
    43      verbs: ["create", "get", "list", "watch", "patch", "update", "delete"]
    44    - apiGroups: ["disk.csi.azure.com"]
    45      resources: ["azdrivernodes/status", "azvolumeattachments/status", "azvolumes/status"]
    46      verbs: ["get", "patch", "update"]
    47    - apiGroups: ["storage.k8s.io"]
    48      resources: ["volumeattachments"]
    49      verbs: ["get", "list", "watch"]
    50    - apiGroups: ["storage.k8s.io"]
    51      resources: ["volumeattachments/status"]
    52      verbs: ["get", "list", "watch", "update", "patch"]
    53  ---
    54  
    55  kind: ClusterRoleBinding
    56  apiVersion: rbac.authorization.k8s.io/v1
    57  metadata:
    58    name: azuredisk-csi-provisioner-binding
    59  subjects:
    60    - kind: ServiceAccount
    61      name: csi-azuredisk-controller-sa
    62      namespace: kube-system
    63  roleRef:
    64    kind: ClusterRole
    65    name: azuredisk-external-provisioner-role
    66    apiGroup: rbac.authorization.k8s.io
    67  
    68  ---
    69  
    70  kind: ClusterRole
    71  apiVersion: rbac.authorization.k8s.io/v1
    72  metadata:
    73    name: azuredisk-external-attacher-role
    74  rules:
    75    - apiGroups: [""]
    76      resources: ["persistentvolumes"]
    77      verbs: ["get", "list", "watch", "update"]
    78    - apiGroups: [""]
    79      resources: ["nodes"]
    80      verbs: ["get", "list", "watch"]
    81    - apiGroups: ["csi.storage.k8s.io"]
    82      resources: ["csinodeinfos"]
    83      verbs: ["get", "list", "watch"]
    84    - apiGroups: ["storage.k8s.io"]
    85      resources: ["volumeattachments"]
    86      verbs: ["get", "list", "watch", "update", "patch"]
    87    - apiGroups: ["storage.k8s.io"]
    88      resources: ["volumeattachments/status"]
    89      verbs: ["get", "list", "watch", "update", "patch"]
    90    - apiGroups: ["coordination.k8s.io"]
    91      resources: ["leases"]
    92      verbs: ["get", "list", "watch", "create", "update", "patch"]
    93  ---
    94  
    95  kind: ClusterRoleBinding
    96  apiVersion: rbac.authorization.k8s.io/v1
    97  metadata:
    98    name: azuredisk-csi-attacher-binding
    99  subjects:
   100    - kind: ServiceAccount
   101      name: csi-azuredisk-controller-sa
   102      namespace: kube-system
   103  roleRef:
   104    kind: ClusterRole
   105    name: azuredisk-external-attacher-role
   106    apiGroup: rbac.authorization.k8s.io
   107  
   108  ---
   109  
   110  kind: ClusterRole
   111  apiVersion: rbac.authorization.k8s.io/v1
   112  metadata:
   113    name: azuredisk-external-snapshotter-role
   114  rules:
   115    - apiGroups: [""]
   116      resources: ["events"]
   117      verbs: ["list", "watch", "create", "update", "patch"]
   118    - apiGroups: [""]
   119      resources: ["secrets"]
   120      verbs: ["get", "list"]
   121    - apiGroups: ["snapshot.storage.k8s.io"]
   122      resources: ["volumesnapshotclasses"]
   123      verbs: ["get", "list", "watch"]
   124    - apiGroups: ["snapshot.storage.k8s.io"]
   125      resources: ["volumesnapshotcontents"]
   126      verbs: ["create", "get", "list", "watch", "update", "delete"]
   127    - apiGroups: ["snapshot.storage.k8s.io"]
   128      resources: ["volumesnapshotcontents/status"]
   129      verbs: ["update"]
   130    - apiGroups: ["apiextensions.k8s.io"]
   131      resources: ["customresourcedefinitions"]
   132      verbs: ["create", "list", "watch", "delete"]
   133    - apiGroups: ["coordination.k8s.io"]
   134      resources: ["leases"]
   135      verbs: ["get", "watch", "list", "delete", "update", "create"]
   136  ---
   137  
   138  kind: ClusterRoleBinding
   139  apiVersion: rbac.authorization.k8s.io/v1
   140  metadata:
   141    name: azuredisk-csi-snapshotter-binding
   142  subjects:
   143    - kind: ServiceAccount
   144      name: csi-azuredisk-controller-sa
   145      namespace: kube-system
   146  roleRef:
   147    kind: ClusterRole
   148    name: azuredisk-external-snapshotter-role
   149    apiGroup: rbac.authorization.k8s.io
   150  ---
   151  
   152  kind: ClusterRole
   153  apiVersion: rbac.authorization.k8s.io/v1
   154  metadata:
   155    name: azuredisk-external-resizer-role
   156  rules:
   157    - apiGroups: [""]
   158      resources: ["persistentvolumes"]
   159      verbs: ["get", "list", "watch", "update", "patch"]
   160    - apiGroups: [""]
   161      resources: ["persistentvolumeclaims"]
   162      verbs: ["get", "list", "watch"]
   163    - apiGroups: [""]
   164      resources: ["persistentvolumeclaims/status"]
   165      verbs: ["update", "patch"]
   166    - apiGroups: [""]
   167      resources: ["events"]
   168      verbs: ["list", "watch", "create", "update", "patch"]
   169    - apiGroups: ["coordination.k8s.io"]
   170      resources: ["leases"]
   171      verbs: ["get", "list", "watch", "create", "update", "patch"]
   172    - apiGroups: [""]
   173      resources: ["pods"]
   174      verbs: ["get", "list", "watch"]
   175  ---
   176  kind: ClusterRoleBinding
   177  apiVersion: rbac.authorization.k8s.io/v1
   178  metadata:
   179    name: azuredisk-csi-resizer-role
   180  subjects:
   181    - kind: ServiceAccount
   182      name: csi-azuredisk-controller-sa
   183      namespace: kube-system
   184  roleRef:
   185    kind: ClusterRole
   186    name: azuredisk-external-resizer-role
   187    apiGroup: rbac.authorization.k8s.io
   188  
   189  ---
   190  kind: ClusterRole
   191  apiVersion: rbac.authorization.k8s.io/v1
   192  metadata:
   193    name: csi-azuredisk-controller-secret-role
   194    namespace: kube-system
   195  rules:
   196    - apiGroups: [""]
   197      resources: ["secrets"]
   198      verbs: ["get", "list"]
   199  
   200  ---
   201  kind: ClusterRoleBinding
   202  apiVersion: rbac.authorization.k8s.io/v1
   203  metadata:
   204    name: csi-azuredisk-controller-secret-binding
   205  subjects:
   206    - kind: ServiceAccount
   207      name: csi-azuredisk-controller-sa
   208      namespace: kube-system
   209  roleRef:
   210    kind: ClusterRole
   211    name: csi-azuredisk-controller-secret-role
   212    apiGroup: rbac.authorization.k8s.io