csi: add token create rbac for rbd csi clusterrole
This rbac is required to fetch serviceaccount
token for vault tenant sa encryption type on k8s 1.24+.
refer: ceph/ceph-csi#3174

Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit 623c515)
Rakshith-R authored and mergify[bot] committed Jun 19, 2022
1 parent bd689ba commit 54bf464
Showing 2 changed files with 12 additions and 0 deletions.
6 changes: 6 additions & 0 deletions deploy/charts/rook-ceph/templates/clusterrole.yaml
Expand Up @@ -522,6 +522,9 @@ rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
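Review bot: The new rule at the end of this rule set has no resourceNames, so in a ClusterRole the grant of verbs: ["create"] on resources: ["serviceaccounts/token"] lets the CSI identity request a token for any service account in any namespace, not only the vault tenant one. If the tenant service account name is fixed or comes from configuration, add a resourceNames entry with that name so the role can only mint tokens for it; if the name cannot be known at deploy time, say so in a comment next to the rule so the breadth is a recorded decision.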
Expand Down Expand Up @@ -588,4 +591,7 @@ rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
{{- end }}
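Review bot: The rule added just before {{- end }} is not gated on whether the vault tenant sa encryption type is in use, so every chart install that renders this block grants token creation even when no volume uses that KMS type. Consider wrapping the three added lines in a chart value that is off by default, or at least describe the permission in the chart's values documentation so operators who do not use vault encryption can strip it.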
6 changes: 6 additions & 0 deletions deploy/examples/common.yaml
Expand Up @@ -128,6 +128,9 @@ rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
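Review bot: Missing documentation on the added serviceaccounts/token rule: the reason for it (fetching the serviceaccount token for the vault tenant sa encryption type on k8s 1.24+) is only in the commit message, and this example manifest is what users copy and audit. Put a one-line YAML comment above - apiGroups: [""] stating that purpose and the ceph/ceph-csi#3174 reference, so a later RBAC review does not have to dig through history to justify the permission.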
Expand Down Expand Up @@ -194,6 +197,9 @@ rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
---
# The cluster role for managing all the cluster-specific resources in a namespace
apiVersion: rbac.authorization.k8s.io/v1
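Review bot: The commit subject speaks of a single rbd csi clusterrole, but this is the second rule set in this file to receive resources: ["serviceaccounts/token"] with verbs: ["create"], and the diff context does not show which role it belongs to. Please name both roles in the commit message and confirm that each of them actually requests the tenant token; if only one component does, drop the rule from the other so the permission is held by a single identity.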