From 73a070d6a727ac72a95c861facf37523e665fa52 Mon Sep 17 00:00:00 2001 From: Rewant Soni Date: Mon, 11 Nov 2024 12:53:08 +0530 Subject: [PATCH] csiaddons: add rbac permission for setting ownerRef csiaddons require new RBAC permission for setting onwerRef on csiaddonsnode obj, going to be owned by either a deployment or a daemonsets Signed-off-by: Rewant Soni --- config/csi-rbac/cephfs_ctrlplugin_role.yaml | 3 +++ config/csi-rbac/rbd_ctrlplugin_role.yaml | 3 +++ config/csi-rbac/rbd_nodeplugin_role.yaml | 3 +++ deploy/all-in-one/install.yaml | 21 +++++++++++++++++++++ deploy/multifile/csi-rbac.yaml | 21 +++++++++++++++++++++ 5 files changed, 51 insertions(+) diff --git a/config/csi-rbac/cephfs_ctrlplugin_role.yaml b/config/csi-rbac/cephfs_ctrlplugin_role.yaml index 79937014..cabfb628 100644 --- a/config/csi-rbac/cephfs_ctrlplugin_role.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_role.yaml @@ -15,3 +15,6 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments/finalizers", "daemonsets/finalizers"] + verbs: ["update"] diff --git a/config/csi-rbac/rbd_ctrlplugin_role.yaml b/config/csi-rbac/rbd_ctrlplugin_role.yaml index ab8b74e7..9be22152 100644 --- a/config/csi-rbac/rbd_ctrlplugin_role.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_role.yaml @@ -15,3 +15,6 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments/finalizers", "daemonsets/finalizers"] + verbs: ["update"] diff --git a/config/csi-rbac/rbd_nodeplugin_role.yaml b/config/csi-rbac/rbd_nodeplugin_role.yaml index 436bfcd6..ae895ffc 100644 --- a/config/csi-rbac/rbd_nodeplugin_role.yaml +++ b/config/csi-rbac/rbd_nodeplugin_role.yaml @@ -12,3 +12,6 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments/finalizers", "daemonsets/finalizers"] + verbs: ["update"] diff --git a/deploy/all-in-one/install.yaml b/deploy/all-in-one/install.yaml index 56645ff4..0a82cfc2 100644 --- a/deploy/all-in-one/install.yaml +++ b/deploy/all-in-one/install.yaml @@ -14112,6 +14112,13 @@ rules: - replicasets verbs: - get +- apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -14191,6 +14198,13 @@ rules: - replicasets verbs: - get +- apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -14218,6 +14232,13 @@ rules: - replicasets verbs: - get +- apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/deploy/multifile/csi-rbac.yaml b/deploy/multifile/csi-rbac.yaml index 7a644ee6..935328f3 100644 --- a/deploy/multifile/csi-rbac.yaml +++ b/deploy/multifile/csi-rbac.yaml @@ -71,6 +71,13 @@ rules: - replicasets verbs: - get +- apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -109,6 +116,13 @@ rules: - replicasets verbs: - get +- apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -136,6 +150,13 @@ rules: - replicasets verbs: - get +- apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole