platform-armada-app/stx-platform-helm/stx-platform-helm/helm-charts/cephfs-provisioner/templates/rbac-secrets.yaml

{{/*
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}

{{- $defaults := .Values.classdefaults }}

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ $defaults.rbacConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "create", "list", "update"]
---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ $defaults.rbacConfigName }}
subjects:
  - kind: ServiceAccount
    name: {{ $defaults.rbacConfigName }}
    namespace: {{ $defaults.cephFSNamespace }}
roleRef:
  kind: ClusterRole
  name: {{ $defaults.rbacConfigName }}
  apiGroup: rbac.authorization.k8s.io
---

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $defaults.rbacConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "create", "list", "update"]
---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $defaults.rbacConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $defaults.rbacConfigName }}
subjects:
- kind: ServiceAccount
  name: {{ $defaults.rbacConfigName }}
---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $defaults.rbacConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ $defaults.provisionerConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["kube-dns","coredns"]
    verbs: ["list", "get"]
---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ $defaults.provisionerConfigName }}
subjects:
  - kind: ServiceAccount
    name: {{ $defaults.provisionerConfigName }}
    namespace: {{ $defaults.cephFSNamespace }}
roleRef:
  kind: ClusterRole
  name: {{ $defaults.provisionerConfigName }}
  apiGroup: rbac.authorization.k8s.io
---

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $defaults.provisionerConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "delete"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $defaults.provisionerConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $defaults.provisionerConfigName }}
subjects:
- kind: ServiceAccount
  name: {{ $defaults.provisionerConfigName }}
---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $defaults.provisionerConfigName }}
  namespace: {{ $defaults.cephFSNamespace }}
imagePullSecrets:
  - name: default-registry-key