|
@@ -0,0 +1,52 @@
|
|
|
+kind: Role
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+metadata:
|
|
|
+ name: {{ printf "%s-rbac" (include "hpcc-efs.fullname" $) }}
|
|
|
+
|
|
|
+rules:
|
|
|
+ - apiGroups: [""]
|
|
|
+ resources: ["endpoints"]
|
|
|
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
|
|
|
+---
|
|
|
+kind: RoleBinding
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+metadata:
|
|
|
+ name: {{ printf "%s-rbac-binding" (include "hpcc-efs.fullname" $) }}
|
|
|
+subjects:
|
|
|
+ - kind: ServiceAccount
|
|
|
+ name: {{ .Values.efs.serviceaccount | default "default" }}
|
|
|
+ # replace with namespace where provisioner is deployed
|
|
|
+ namespace: {{ .Values.efs.namespace | default "default" }}
|
|
|
+roleRef:
|
|
|
+ kind: Role
|
|
|
+ name: {{ printf "%s-rbac" (include "hpcc-efs.fullname" $) }}
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|
|
|
+---
|
|
|
+
|
|
|
+kind: ClusterRole
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+metadata:
|
|
|
+ name: {{ printf "%s-role" (include "hpcc-efs.fullname" $) }}
|
|
|
+rules:
|
|
|
+- apiGroups: [""]
|
|
|
+ resources: ["persistentvolumes"]
|
|
|
+ verbs: ["get", "list", "watch", "create", "delete"]
|
|
|
+- apiGroups: [""]
|
|
|
+ resources: ["persistentvolumeclaims"]
|
|
|
+ verbs: ["get", "list", "watch", "update"]
|
|
|
+- apiGroups: ["storage.k8s.io"]
|
|
|
+ resources: ["storageclasses"]
|
|
|
+ verbs: ["get", "list", "watch"]
|
|
|
+---
|
|
|
+kind: ClusterRoleBinding
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+metadata:
|
|
|
+ name: {{ printf "%s-crb" (include "hpcc-efs.fullname" $) }}
|
|
|
+subjects:
|
|
|
+- kind: ServiceAccount
|
|
|
+ name: {{ .Values.efs.serviceaccount | default "default" }}
|
|
|
+ namespace: {{ .Values.efs.namespace | default "default" }}
|
|
|
+roleRef:
|
|
|
+ kind: ClusterRole
|
|
|
+ name: {{ printf "%s-role" (include "hpcc-efs.fullname" $) }}
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|