diff --git a/Makefile b/Makefile index 3106df55..885ad193 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,10 @@ REGISTRY_NAMESPACE ?= cephcsi IMAGE_TAG ?= latest IMAGE_NAME ?= ceph-csi-operator +# Use different name prefix and namespace prefix for csi rbac kustomize +CSI_RBAC_NAME_PREFIX ?= ceph-csi-operator- +CSI_RBAC_NAMESPACE ?= $(CSI_RBAC_NAME_PREFIX)system + IMG ?= $(IMAGE_REGISTRY)/$(REGISTRY_NAMESPACE)/$(IMAGE_NAME):$(IMAGE_TAG) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. @@ -126,6 +130,11 @@ build-installer: manifests generate kustomize ## Generate a consolidated YAML wi cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default > dist/install.yaml +.PHONY: build-csi-rbac +build-csi-rbac: + cd config/csi-rbac && $(KUSTOMIZE) edit set nameprefix $(CSI_RBAC_NAME_PREFIX) + cd config/csi-rbac && $(KUSTOMIZE) edit set namespace $(CSI_RBAC_NAMESPACE) + $(KUSTOMIZE) build config/csi-rbac > dist/csi-rbac.yaml ##@ Deployment ifndef ignore-not-found diff --git a/config/rbac/csi_cephfs_ctrlplugin_cluster_role.yaml b/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml similarity index 97% rename from config/rbac/csi_cephfs_ctrlplugin_cluster_role.yaml rename to config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml index 72ee2c86..7850a48d 100644 --- a/config/rbac/csi_cephfs_ctrlplugin_cluster_role.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml @@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-cephfs-ctrlplugin-cr + name: cephfs-ctrlplugin-cr rules: - apiGroups: [""] resources: ["secrets"] diff --git a/config/rbac/csi_rbd_nodeplugin_cluster_role_binding.yaml b/config/csi-rbac/cephfs_ctrlplugin_cluster_role_binding.yaml similarity index 68% rename from config/rbac/csi_rbd_nodeplugin_cluster_role_binding.yaml rename to config/csi-rbac/cephfs_ctrlplugin_cluster_role_binding.yaml index 99a300f3..3ddb067f 100644 --- a/config/rbac/csi_rbd_nodeplugin_cluster_role_binding.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_cluster_role_binding.yaml @@ -1,12 +1,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-nodeplugin-crb + name: cephfs-ctrlplugin-crb subjects: - kind: ServiceAccount - name: csi-rbd-nodeplugin-sa + name: cephfs-ctrlplugin-sa namespace: system roleRef: kind: ClusterRole - name: csi-rbd-nodeplugin-cr + name: cephfs-ctrlplugin-cr apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/csi_cephfs_ctrlplugin_role.yaml b/config/csi-rbac/cephfs_ctrlplugin_role.yaml similarity index 86% rename from config/rbac/csi_cephfs_ctrlplugin_role.yaml rename to config/csi-rbac/cephfs_ctrlplugin_role.yaml index 0173896a..0ecf6425 100644 --- a/config/rbac/csi_cephfs_ctrlplugin_role.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_role.yaml @@ -1,7 +1,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-cephfs-ctrlplugin-r + name: cephfs-ctrlplugin-r rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] diff --git a/config/rbac/csi_rbd_ctrlplugin_role_binding.yaml b/config/csi-rbac/cephfs_ctrlplugin_role_binding.yaml similarity index 67% rename from config/rbac/csi_rbd_ctrlplugin_role_binding.yaml rename to config/csi-rbac/cephfs_ctrlplugin_role_binding.yaml index b32543ec..5029701e 100644 --- a/config/rbac/csi_rbd_ctrlplugin_role_binding.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_role_binding.yaml @@ -1,12 +1,12 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-ctrlplugin-rb + name: cephfs-ctrlplugin-rb subjects: - kind: ServiceAccount - name: csi-rbd-ctrlplugin-sa + name: cephfs-ctrlplugin-sa namespace: system roleRef: kind: Role - name: csi-rbd-ctrlplugin-r + name: cephfs-ctrlplugin-r apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/csi_rbd_ctrlplugin_service_account.yaml b/config/csi-rbac/cephfs_ctrlplugin_service_account.yaml similarity index 68% rename from config/rbac/csi_rbd_ctrlplugin_service_account.yaml rename to config/csi-rbac/cephfs_ctrlplugin_service_account.yaml index e5932edb..f8d5e153 100644 --- a/config/rbac/csi_rbd_ctrlplugin_service_account.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_service_account.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-rbd-ctrlplugin-sa + name: cephfs-ctrlplugin-sa namespace: system diff --git a/config/rbac/csi_cephfs_nodeplugin_cluster_role.yaml b/config/csi-rbac/cephfs_nodeplugin_cluster_role.yaml similarity index 93% rename from config/rbac/csi_cephfs_nodeplugin_cluster_role.yaml rename to config/csi-rbac/cephfs_nodeplugin_cluster_role.yaml index 9022e849..48be70bd 100644 --- a/config/rbac/csi_cephfs_nodeplugin_cluster_role.yaml +++ b/config/csi-rbac/cephfs_nodeplugin_cluster_role.yaml @@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-cephfs-nodeplugin-cr + name: cephfs-nodeplugin-cr rules: - apiGroups: [""] resources: ["nodes"] diff --git a/config/rbac/csi_rbd_ctrlplugin_cluster_role_binding.yaml b/config/csi-rbac/cephfs_nodeplugin_cluster_role_binding.yaml similarity index 68% rename from config/rbac/csi_rbd_ctrlplugin_cluster_role_binding.yaml rename to config/csi-rbac/cephfs_nodeplugin_cluster_role_binding.yaml index 48f8c5bb..f454c0ec 100644 --- a/config/rbac/csi_rbd_ctrlplugin_cluster_role_binding.yaml +++ b/config/csi-rbac/cephfs_nodeplugin_cluster_role_binding.yaml @@ -1,12 +1,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-ctrlplugin-crb + name: cephfs-nodeplugin-crb subjects: - kind: ServiceAccount - name: csi-rbd-ctrlplugin-sa + name: cephfs-nodeplugin-sa namespace: system roleRef: kind: ClusterRole - name: csi-rbd-ctrlplugin-cr + name: cephfs-nodeplugin-cr apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/csi_rbd_nodeplugin_service_account.yaml b/config/csi-rbac/cephfs_nodeplugin_service_account.yaml similarity index 68% rename from config/rbac/csi_rbd_nodeplugin_service_account.yaml rename to config/csi-rbac/cephfs_nodeplugin_service_account.yaml index c934e3ed..9ac63c58 100644 --- a/config/rbac/csi_rbd_nodeplugin_service_account.yaml +++ b/config/csi-rbac/cephfs_nodeplugin_service_account.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-rbd-nodeplugin-sa + name: cephfs-nodeplugin-sa namespace: system diff --git a/config/csi-rbac/kustomization.yaml b/config/csi-rbac/kustomization.yaml new file mode 100644 index 00000000..e565933b --- /dev/null +++ b/config/csi-rbac/kustomization.yaml @@ -0,0 +1,21 @@ +resources: +# CSI operands have their own set of RBAC that need to be installed +# on the cluster. +- cephfs_ctrlplugin_service_account.yaml +- cephfs_ctrlplugin_cluster_role.yaml +- cephfs_ctrlplugin_cluster_role_binding.yaml +- cephfs_ctrlplugin_role.yaml +- cephfs_ctrlplugin_role_binding.yaml +- cephfs_nodeplugin_service_account.yaml +- cephfs_nodeplugin_cluster_role.yaml +- cephfs_nodeplugin_cluster_role_binding.yaml +- rbd_ctrlplugin_service_account.yaml +- rbd_ctrlplugin_cluster_role.yaml +- rbd_ctrlplugin_cluster_role_binding.yaml +- rbd_ctrlplugin_role.yaml +- rbd_ctrlplugin_role_binding.yaml +- rbd_nodeplugin_service_account.yaml +- rbd_nodeplugin_cluster_role.yaml +- rbd_nodeplugin_cluster_role_binding.yaml +- rbd_nodeplugin_role.yaml +- rbd_nodeplugin_role_binding.yaml diff --git a/config/rbac/csi_nfs_ctrlplugin_cluster_role.yaml b/config/csi-rbac/nfs_ctrlplugin_cluster_role.yaml similarity index 98% rename from config/rbac/csi_nfs_ctrlplugin_cluster_role.yaml rename to config/csi-rbac/nfs_ctrlplugin_cluster_role.yaml index 48fc09ab..46c9ba06 100644 --- a/config/rbac/csi_nfs_ctrlplugin_cluster_role.yaml +++ b/config/csi-rbac/nfs_ctrlplugin_cluster_role.yaml @@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nfs-ctrlplugin-cr + name: nfs-ctrlplugin-cr rules: - apiGroups: [""] resources: ["persistentvolumes"] diff --git a/config/rbac/csi_cephfs_nodeplugin_cluster_role_binding.yaml b/config/csi-rbac/nfs_ctrlplugin_cluster_role_binding.yaml similarity index 66% rename from config/rbac/csi_cephfs_nodeplugin_cluster_role_binding.yaml rename to config/csi-rbac/nfs_ctrlplugin_cluster_role_binding.yaml index e48c35e1..ec4b0d59 100644 --- a/config/rbac/csi_cephfs_nodeplugin_cluster_role_binding.yaml +++ b/config/csi-rbac/nfs_ctrlplugin_cluster_role_binding.yaml @@ -1,12 +1,13 @@ + kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-cephfs-nodeplugin-crb + name: nfs-ctrlplugin-crb subjects: - kind: ServiceAccount - name: csi-cephfs-nodeplugin-sa + name: nfs-ctrlplugin-sa namespace: system roleRef: kind: ClusterRole - name: csi-cephfs-nodeplugin-cr + name: nfs-ctrlplugin-cr apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/csi_nfs_ctrlplugin_service_account.yaml b/config/csi-rbac/nfs_ctrlplugin_service_account.yaml similarity index 68% rename from config/rbac/csi_nfs_ctrlplugin_service_account.yaml rename to config/csi-rbac/nfs_ctrlplugin_service_account.yaml index 49e514db..75f6468d 100644 --- a/config/rbac/csi_nfs_ctrlplugin_service_account.yaml +++ b/config/csi-rbac/nfs_ctrlplugin_service_account.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-nfs-ctrlplugin-sa + name: nfs-ctrlplugin-sa namespace: system diff --git a/config/rbac/csi_nfs_nodeplugin_cluster_role.yaml b/config/csi-rbac/nfs_nodeplugin_cluster_role.yaml similarity index 88% rename from config/rbac/csi_nfs_nodeplugin_cluster_role.yaml rename to config/csi-rbac/nfs_nodeplugin_cluster_role.yaml index 1a63795e..674dccfb 100644 --- a/config/rbac/csi_nfs_nodeplugin_cluster_role.yaml +++ b/config/csi-rbac/nfs_nodeplugin_cluster_role.yaml @@ -4,7 +4,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nfs-nodeplugin-cr + name: nfs-nodeplugin-cr rules: - apiGroups: [""] resources: ["nodes"] diff --git a/config/rbac/csi_nfs_nodeplugin_cluster_role_binding.yaml b/config/csi-rbac/nfs_nodeplugin_cluster_role_binding.yaml similarity index 63% rename from config/rbac/csi_nfs_nodeplugin_cluster_role_binding.yaml rename to config/csi-rbac/nfs_nodeplugin_cluster_role_binding.yaml index 449b1008..7eba01d5 100644 --- a/config/rbac/csi_nfs_nodeplugin_cluster_role_binding.yaml +++ b/config/csi-rbac/nfs_nodeplugin_cluster_role_binding.yaml @@ -1,12 +1,11 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nfs-nodeplugin-crb + name: nfs-nodeplugin-crb subjects: - kind: ServiceAccount - name: csi-nfs-nodeplugin-sa + name: nfs-nodeplugin-sa namespace: system roleRef: kind: ClusterRole - name: csi-nfs-nodeplugin-cr - + name: nfs-nodeplugin-cr diff --git a/config/rbac/csi_nfs_nodeplugin_service_account.yaml b/config/csi-rbac/nfs_nodeplugin_service_account.yaml similarity index 69% rename from config/rbac/csi_nfs_nodeplugin_service_account.yaml rename to config/csi-rbac/nfs_nodeplugin_service_account.yaml index 60d7bd6a..95632081 100644 --- a/config/rbac/csi_nfs_nodeplugin_service_account.yaml +++ b/config/csi-rbac/nfs_nodeplugin_service_account.yaml @@ -2,5 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-nfs-nodeplugin-sa + name: nfs-nodeplugin-sa namespace: system diff --git a/config/rbac/csi_rbd_ctrlplugin_cluster_role.yaml b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml similarity index 98% rename from config/rbac/csi_rbd_ctrlplugin_cluster_role.yaml rename to config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml index faa4d475..30d11264 100644 --- a/config/rbac/csi_rbd_ctrlplugin_cluster_role.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml @@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-ctrlplugin-cr + name: rbd-ctrlplugin-cr rules: - apiGroups: [""] resources: ["secrets"] diff --git a/config/rbac/csi_cephfs_ctrlplugin_cluster_role_binding.yaml b/config/csi-rbac/rbd_ctrlplugin_cluster_role_binding.yaml similarity index 66% rename from config/rbac/csi_cephfs_ctrlplugin_cluster_role_binding.yaml rename to config/csi-rbac/rbd_ctrlplugin_cluster_role_binding.yaml index 6ec45d3c..2d09882d 100644 --- a/config/rbac/csi_cephfs_ctrlplugin_cluster_role_binding.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_cluster_role_binding.yaml @@ -1,12 +1,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-cephfs-ctrlplugin-crb + name: rbd-ctrlplugin-crb subjects: - kind: ServiceAccount - name: csi-cephfs-ctrlplugin-sa + name: rbd-ctrlplugin-sa namespace: system roleRef: kind: ClusterRole - name: csi-cephfs-ctrlplugin-cr + name: rbd-ctrlplugin-cr apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/csi_rbd_ctrlplugin_role.yaml b/config/csi-rbac/rbd_ctrlplugin_role.yaml similarity index 91% rename from config/rbac/csi_rbd_ctrlplugin_role.yaml rename to config/csi-rbac/rbd_ctrlplugin_role.yaml index 1c8e2702..34eed43b 100644 --- a/config/rbac/csi_rbd_ctrlplugin_role.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_role.yaml @@ -1,7 +1,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-ctrlplugin-r + name: rbd-ctrlplugin-r rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] diff --git a/config/rbac/csi_rbd_nodeplugin_role_binding.yaml b/config/csi-rbac/rbd_ctrlplugin_role_binding.yaml similarity index 67% rename from config/rbac/csi_rbd_nodeplugin_role_binding.yaml rename to config/csi-rbac/rbd_ctrlplugin_role_binding.yaml index d07378b3..5995de78 100644 --- a/config/rbac/csi_rbd_nodeplugin_role_binding.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_role_binding.yaml @@ -1,12 +1,12 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-nodeplugin-rb + name: rbd-ctrlplugin-rb subjects: - kind: ServiceAccount - name: csi-rbd-nodeplugin-sa + name: rbd-ctrlplugin-sa namespace: system roleRef: kind: Role - name: csi-rbd-nodeplugin-r + name: rbd-ctrlplugin-r apiGroup: rbac.authorization.k8s.io diff --git a/config/csi-rbac/rbd_ctrlplugin_service_account.yaml b/config/csi-rbac/rbd_ctrlplugin_service_account.yaml new file mode 100644 index 00000000..e12b8abb --- /dev/null +++ b/config/csi-rbac/rbd_ctrlplugin_service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbd-ctrlplugin-sa + namespace: system diff --git a/config/rbac/csi_rbd_nodeplugin_cluster_role.yaml b/config/csi-rbac/rbd_nodeplugin_cluster_role.yaml similarity index 95% rename from config/rbac/csi_rbd_nodeplugin_cluster_role.yaml rename to config/csi-rbac/rbd_nodeplugin_cluster_role.yaml index 3d786de8..559adacf 100644 --- a/config/rbac/csi_rbd_nodeplugin_cluster_role.yaml +++ b/config/csi-rbac/rbd_nodeplugin_cluster_role.yaml @@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-nodeplugin-cr + name: rbd-nodeplugin-cr rules: - apiGroups: [""] resources: ["secrets"] diff --git a/config/csi-rbac/rbd_nodeplugin_cluster_role_binding.yaml b/config/csi-rbac/rbd_nodeplugin_cluster_role_binding.yaml new file mode 100644 index 00000000..989cc74c --- /dev/null +++ b/config/csi-rbac/rbd_nodeplugin_cluster_role_binding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rbd-nodeplugin-crb +subjects: + - kind: ServiceAccount + name: rbd-nodeplugin-sa + namespace: system +roleRef: + kind: ClusterRole + name: rbd-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/csi_rbd_nodeplugin_role.yaml b/config/csi-rbac/rbd_nodeplugin_role.yaml similarity index 85% rename from config/rbac/csi_rbd_nodeplugin_role.yaml rename to config/csi-rbac/rbd_nodeplugin_role.yaml index d1de82a1..417f2eb3 100644 --- a/config/rbac/csi_rbd_nodeplugin_role.yaml +++ b/config/csi-rbac/rbd_nodeplugin_role.yaml @@ -1,7 +1,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-rbd-nodeplugin-r + name: rbd-nodeplugin-r rules: - apiGroups: ["csiaddons.openshift.io"] resources: ["csiaddonsnodes"] diff --git a/config/rbac/csi_cephfs_ctrlplugin_role_binding.yaml b/config/csi-rbac/rbd_nodeplugin_role_binding.yaml similarity index 65% rename from config/rbac/csi_cephfs_ctrlplugin_role_binding.yaml rename to config/csi-rbac/rbd_nodeplugin_role_binding.yaml index 7d88de5c..3b92f349 100644 --- a/config/rbac/csi_cephfs_ctrlplugin_role_binding.yaml +++ b/config/csi-rbac/rbd_nodeplugin_role_binding.yaml @@ -1,12 +1,12 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-cephfs-ctrlplugin-rb + name: rbd-nodeplugin-rb subjects: - kind: ServiceAccount - name: csi-cephfs-ctrlplugin-sa + name: rbd-nodeplugin-sa namespace: system roleRef: kind: Role - name: csi-cephfs-ctrlplugin-r + name: rbd-nodeplugin-r apiGroup: rbac.authorization.k8s.io diff --git a/config/csi-rbac/rbd_nodeplugin_service_account.yaml b/config/csi-rbac/rbd_nodeplugin_service_account.yaml new file mode 100644 index 00000000..bbd2bd5b --- /dev/null +++ b/config/csi-rbac/rbd_nodeplugin_service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbd-nodeplugin-sa + namespace: system diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 6869165f..0ab8ce8e 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -17,6 +17,7 @@ namePrefix: ceph-csi-operator- resources: - ../crd - ../rbac +- ../csi-rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/config/rbac/csi_cephfs_ctrlplugin_service_account.yaml b/config/rbac/csi_cephfs_ctrlplugin_service_account.yaml deleted file mode 100644 index cb9c9c35..00000000 --- a/config/rbac/csi_cephfs_ctrlplugin_service_account.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-cephfs-ctrlplugin-sa - namespace: system diff --git a/config/rbac/csi_cephfs_nodeplugin_service_account.yaml b/config/rbac/csi_cephfs_nodeplugin_service_account.yaml deleted file mode 100644 index 67d33a33..00000000 --- a/config/rbac/csi_cephfs_nodeplugin_service_account.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-cephfs-nodeplugin-sa - namespace: system diff --git a/config/rbac/csi_nfs_ctrlplugin_cluster_role_binding.yaml b/config/rbac/csi_nfs_ctrlplugin_cluster_role_binding.yaml deleted file mode 100644 index 6c773820..00000000 --- a/config/rbac/csi_nfs_ctrlplugin_cluster_role_binding.yaml +++ /dev/null @@ -1,13 +0,0 @@ - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-nfs-ctrlplugin-crb -subjects: - - kind: ServiceAccount - name: csi-nfs-ctrlplugin-sa - namespace: system -roleRef: - kind: ClusterRole - name: csi-nfs-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 6b096459..daa11a4c 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -30,23 +30,3 @@ resources: - operatorconfig_viewer_role.yaml - driver_editor_role.yaml - driver_viewer_role.yaml -# CSI operands have their own set of RBAC that need to be installed -# on the cluster. -- csi_cephfs_ctrlplugin_service_account.yaml -- csi_cephfs_ctrlplugin_cluster_role.yaml -- csi_cephfs_ctrlplugin_cluster_role_binding.yaml -- csi_cephfs_ctrlplugin_role.yaml -- csi_cephfs_ctrlplugin_role_binding.yaml -- csi_cephfs_nodeplugin_service_account.yaml -- csi_cephfs_nodeplugin_cluster_role.yaml -- csi_cephfs_nodeplugin_cluster_role_binding.yaml -- csi_rbd_ctrlplugin_service_account.yaml -- csi_rbd_ctrlplugin_cluster_role.yaml -- csi_rbd_ctrlplugin_cluster_role_binding.yaml -- csi_rbd_ctrlplugin_role.yaml -- csi_rbd_ctrlplugin_role_binding.yaml -- csi_rbd_nodeplugin_service_account.yaml -- csi_rbd_nodeplugin_cluster_role.yaml -- csi_rbd_nodeplugin_cluster_role_binding.yaml -- csi_rbd_nodeplugin_role.yaml -- csi_rbd_nodeplugin_role_binding.yaml