gitea-bot
7a96d06727
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2259 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
30 lines
1.0 KiB
YAML
30 lines
1.0 KiB
YAML
---
|
|
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
|
|
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: rook-ceph-osd
|
|
namespace: rook-ceph # namespace:cluster
|
|
labels:
|
|
operator: rook
|
|
storage-backend: ceph
|
|
app.kubernetes.io/name: rook-ceph
|
|
app.kubernetes.io/instance: rook-ceph
|
|
app.kubernetes.io/version: v1.18.8
|
|
app.kubernetes.io/part-of: rook-ceph-operator
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/created-by: helm
|
|
helm.sh/chart: "rook-ceph-v1.18.8"
|
|
rules:
|
|
# this is needed for rook's "key-management" CLI to fetch the vault token from the secret when
|
|
# validating the connection details and for key rotation operations.
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "update"]
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["get", "list", "watch", "create", "update", "delete"]
|
|
- apiGroups: ["ceph.rook.io"]
|
|
resources: ["cephclusters", "cephclusters/finalizers"]
|
|
verbs: ["get", "list", "create", "update", "delete"]
|