From 3ed40f4c9f00f08a99ebc3169a93e09b7e95045f Mon Sep 17 00:00:00 2001 From: Cheng Xing Date: Mon, 17 Sep 2018 16:25:50 -0700 Subject: [PATCH] RBAC roles and rolebindings for external provisioner leader election --- deploy/kubernetes/dev/setup-cluster.yaml | 27 +++++++++++++++++++- deploy/kubernetes/stable/setup-cluster.yaml | 28 ++++++++++++++++++++- 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/dev/setup-cluster.yaml b/deploy/kubernetes/dev/setup-cluster.yaml index 24ae7f154..5f58f5453 100644 --- a/deploy/kubernetes/dev/setup-cluster.yaml +++ b/deploy/kubernetes/dev/setup-cluster.yaml @@ -67,4 +67,29 @@ subjects: roleRef: kind: ClusterRole name: system:csi-external-provisioner - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io +--- + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-csi-external-provisioner +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-csi-external-provisioner +subjects: + - kind: ServiceAccount + name: csi-controller-sa + namespace: default +roleRef: + kind: Role + name: leader-locking-csi-external-provisioner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/stable/setup-cluster.yaml b/deploy/kubernetes/stable/setup-cluster.yaml index 24ae7f154..bc59e7a6b 100644 --- a/deploy/kubernetes/stable/setup-cluster.yaml +++ b/deploy/kubernetes/stable/setup-cluster.yaml @@ -67,4 +67,30 @@ subjects: roleRef: kind: ClusterRole name: system:csi-external-provisioner - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io + +--- + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-csi-external-provisioner +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-csi-external-provisioner +subjects: + - kind: ServiceAccount + name: csi-controller-sa + namespace: default +roleRef: + kind: Role + name: leader-locking-csi-external-provisioner + apiGroup: rbac.authorization.k8s.io