aboutsummaryrefslogtreecommitdiffstats
path: root/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml')
-rw-r--r--vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml165
1 files changed, 0 insertions, 165 deletions
diff --git a/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml b/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml
deleted file mode 100644
index 58a24d47..00000000
--- a/vnfs/DAaaS/00-init/rook-ceph/templates/clusterrole.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-{{- if .Values.rbacEnable }}
-# The cluster role for managing all the cluster-specific resources in a namespace
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: rook-ceph-cluster-mgmt
- labels:
- operator: rook
- storage-backend: ceph
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- - pods
- - pods/log
- - services
- - configmaps
- verbs:
- - get
- - list
- - watch
- - patch
- - create
- - update
- - delete
-- apiGroups:
- - extensions
- resources:
- - deployments
- - daemonsets
- - replicasets
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - delete
----
-# The cluster role for managing the Rook CRDs
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: rook-ceph-global
- labels:
- operator: rook
- storage-backend: ceph
-rules:
-- apiGroups:
- - ""
- resources:
- # Pod access is needed for fencing
- - pods
- # Node access is needed for determining nodes where mons should run
- - nodes
- - nodes/proxy
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- # PVs and PVCs are managed by the Rook provisioner
- - persistentvolumes
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
- - patch
- - create
- - update
- - delete
-- apiGroups:
- - storage.k8s.io
- resources:
- - storageclasses
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - batch
- resources:
- - jobs
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - delete
-- apiGroups:
- - ceph.rook.io
- resources:
- - "*"
- verbs:
- - "*"
-- apiGroups:
- - rook.io
- resources:
- - "*"
- verbs:
- - "*"
----
-# Aspects of ceph-mgr that require cluster-wide access
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: rook-ceph-mgr-cluster
- labels:
- operator: rook
- storage-backend: ceph
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- - nodes
- - nodes/proxy
- verbs:
- - get
- - list
- - watch
-{{- if ((.Values.agent) and .Values.agent.mountSecurityMode) and ne .Values.agent.mountSecurityMode "Any" }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: rook-ceph-agent-mount
- labels:
- operator: rook
- storage-backend: ceph
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
-{{- end }}
-{{- if .Values.pspEnable }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: rook-ceph-system-psp-user
- labels:
- operator: rook
- storage-backend: ceph
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-rules:
-- apiGroups:
- - extensions
- resources:
- - podsecuritypolicies
- resourceNames:
- - 00-rook-ceph-operator
- verbs:
- - use
-{{- end }}
-{{- end }}