deploy: split out RBAC definitions

Splitting out the RBAC definitions into a separate file has the advantage that it can be used as-is without editing in other deployments. For example, the kubernetes-csi/docs example can use this rbac.yaml file instead of a local copy. While at it, the upstream external-provisioner RBAC file gets used, which fixes the too broad permissions for "endpoints".
2018-11-05 11:37:42 +01:00
parent 608b686729
commit d0dde33ecf
5 changed files with 189 additions and 55 deletions
--- a/README.md
+++ b/README.md
@@ -41,10 +41,10 @@ $ csi-snapshotter -kubeconfig ~/.kube/config -v 5 -csi-address /run/csi/socket

 ### Running in a statefulset

-It is necessary to create a new service account and give it enough privileges to run the snapshotter. We provide one omnipotent yaml file that creates everything that's necessary, however it should be split into multiple files in production.
+It is necessary to create a new service account and give it enough privileges to run the snapshotter. We provide .yaml files that deploy for use together with the hostpath example driver. A real production deployment must customize them:

 ```
-$ kubectl create -f deploy/kubernetes/statefulset.yaml
+$ for i in $(find deploy/kubernetes -name '*.yaml'); do kubectl create -f $i; done
 ```

 ## Testing