---
# Source: democratic-csi-synology-iscsi/charts/democratic-csi/templates/controller-rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: democratic-csi-synology-iscsi-controller-cr
  labels:
    app.kubernetes.io/name: democratic-csi
    helm.sh/chart: democratic-csi-0.15.0
    app.kubernetes.io/instance: democratic-csi-synology-iscsi
    app.kubernetes.io/managed-by: Helm
rules:
  # Allow listing and creating CRDs
  - apiGroups: ['apiextensions.k8s.io']
    resources: ['customresourcedefinitions']
    verbs: ['list', 'create']
  - apiGroups: ['']
    resources: ['persistentvolumes']
    verbs: ['create', 'delete', 'get', 'list', 'watch', 'update', 'patch']
  - apiGroups: ['']
    resources: ['secrets']
    verbs: ['get', 'list']
  - apiGroups: ['']
    resources: ['pods']
    verbs: ['get', 'list', 'watch']
  - apiGroups: ['']
    resources: ['persistentvolumeclaims']
    verbs: ['get', 'list', 'watch', 'update', 'patch']
  - apiGroups: ['']
    resources: ['persistentvolumeclaims/status']
    verbs: ['get', 'list', 'watch', 'update', 'patch']
  - apiGroups: ['']
    resources: ['nodes']
    verbs: ['get', 'list', 'watch']
  - apiGroups: ['storage.k8s.io']
    resources: ['volumeattachments']
    verbs: ['get', 'list', 'watch', 'update', 'patch']
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
  - apiGroups: ['storage.k8s.io']
    resources: ['storageclasses']
    verbs: ['get', 'list', 'watch']
  - apiGroups: ['csi.storage.k8s.io']
    resources: ['csidrivers']
    verbs: ['get', 'list', 'watch', 'update', 'create']
  - apiGroups: ['']
    resources: ['events']
    verbs: ['list', 'watch', 'create', 'update', 'patch']
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ['snapshot.storage.k8s.io']
    resources: ['volumesnapshots/status']
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["csi.storage.k8s.io"]
    resources: ["csinodeinfos"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  # capacity rbac
  - apiGroups: ["storage.k8s.io"]
    resources: ["csistoragecapacities"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get"]
  - apiGroups: ["apps"]
    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
    verbs: ["get"]