diff options
| author |   Dileep Ranganathan <dileep.ranganathan@intel.com> | 2019-05-30 12:38:37 -0700 |
|---|---|---|
| committer | Dileep Ranganathan <dileep.ranganathan@intel.com> | 2019-05-30 21:11:52 +0000 |
| commit | 3d5a3e06530c1250d48f7d838c619f3bfbcd019d (patch) | |
| tree | 349e370c43ce7318b3f7eb7736345de6872cbef2 /vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml | |
| parent | 31802660dfe74a8671ae29789f0018f0f887ea1a (diff) | |
Refactor Distributed Analytics project structure
Modified the project structure to improve maintainability and to add future CI and
integration test support.
Change-Id: Id30bfb1f83f23785a6b5f99e81f42f752d59c0f8
Issue-ID: ONAPARC-280
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
Diffstat (limited to 'vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml')
| -rw-r--r-- | vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml | 165 |
1 files changed, 0 insertions, 165 deletions
diff --git a/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml b/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml deleted file mode 100644 index 58a24d47..00000000 --- a/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml +++ /dev/null @@ -1,165 +0,0 @@ -{{- if .Values.rbacEnable }} -# The cluster role for managing all the cluster-specific resources in a namespace -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: rook-ceph-cluster-mgmt - labels: - operator: rook - storage-backend: ceph -rules: -- apiGroups: - - "" - resources: - - secrets - - pods - - pods/log - - services - - configmaps - verbs: - - get - - list - - watch - - patch - - create - - update - - delete -- apiGroups: - - extensions - resources: - - deployments - - daemonsets - - replicasets - verbs: - - get - - list - - watch - - create - - update - - delete ---- -# The cluster role for managing the Rook CRDs -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: rook-ceph-global - labels: - operator: rook - storage-backend: ceph -rules: -- apiGroups: - - "" - resources: - # Pod access is needed for fencing - - pods - # Node access is needed for determining nodes where mons should run - - nodes - - nodes/proxy - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - # PVs and PVCs are managed by the Rook provisioner - - persistentvolumes - - persistentvolumeclaims - verbs: - - get - - list - - watch - - patch - - create - - update - - delete -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - ceph.rook.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - rook.io - resources: - - "*" - verbs: - - "*" ---- -# Aspects of ceph-mgr that require cluster-wide access -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: rook-ceph-mgr-cluster - labels: - operator: rook - storage-backend: ceph -rules: -- apiGroups: - - "" - resources: - - configmaps - - nodes - - nodes/proxy - verbs: - - get - - list - - watch -{{- if ((.Values.agent) and .Values.agent.mountSecurityMode) and ne .Values.agent.mountSecurityMode "Any" }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: rook-ceph-agent-mount - labels: - operator: rook - storage-backend: ceph -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -{{- end }} -{{- if .Values.pspEnable }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: rook-ceph-system-psp-user - labels: - operator: rook - storage-backend: ceph - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -rules: -- apiGroups: - - extensions - resources: - - podsecuritypolicies - resourceNames: - - 00-rook-ceph-operator - verbs: - - use -{{- end }} -{{- end }} |