Merge pull request rook#10244 from y1r/add-psp
build: add psp for missing roles
travisn authored May 11, 2022
2 parents 7185129 + 1ccc185 commit bb58123
Showing 2 changed files with 56 additions and 0 deletions.
28 changes: 28 additions & 0 deletions deploy/charts/library/templates/_cluster-psp.tpl
@@ -36,6 +36,20 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: rook-ceph-rgw-psp
namespace: {{ .Release.Namespace }} # namespace:cluster
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:rook
subjects:
- kind: ServiceAccount
name: rook-ceph-rgw
namespace: {{ .Release.Namespace }} # namespace:cluster
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: rook-ceph-mgr-psp
namespace: {{ .Release.Namespace }} # namespace:cluster
@@ -61,4 +75,18 @@ subjects:
- kind: ServiceAccount
name: rook-ceph-cmd-reporter
namespace: {{ .Release.Namespace }} # namespace:cluster
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: rook-ceph-purge-osd-psp
namespace: {{ .Release.Namespace }} # namespace:cluster
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:rook
subjects:
- kind: ServiceAccount
name: rook-ceph-purge-osd
namespace: {{ .Release.Namespace }} # namespace:cluster
{{- end }}
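Review bot: The new `rook-ceph-rgw-psp` and `rook-ceph-purge-osd-psp` RoleBindings attach both service accounts to the shared `psp:rook` ClusterRole, so the rgw pods are admitted under the same pod security policy as every other component bound in this template. The ClusterRole and the policy it grants `use` on are defined outside this section; if that policy is permissive (privileged containers, host namespaces or host paths), `rook-ceph-rgw` receives more than a network-facing daemon is likely to need, and a narrower policy with its own role would be worth considering for it. At minimum a comment above each binding, for example `# rgw pods are admitted under the shared rook PSP (psp:rook)`, would record that the reuse is deliberate. The same point applies to the matching bindings added in deploy/examples/common.yaml.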
28 changes: 28 additions & 0 deletions deploy/examples/common.yaml
@@ -1227,6 +1227,20 @@ subjects:
name: rook-ceph-purge-osd
namespace: rook-ceph # namespace:cluster
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: rook-ceph-purge-osd-psp
namespace: rook-ceph # namespace:cluster
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:rook
subjects:
- kind: ServiceAccount
name: rook-ceph-purge-osd
namespace: rook-ceph # namespace:cluster
---
# Allow the rgw pods in this namespace to work with configmaps
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -1242,6 +1256,20 @@ subjects:
name: rook-ceph-rgw
namespace: rook-ceph # namespace:cluster
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: rook-ceph-rgw-psp
namespace: rook-ceph # namespace:cluster
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: psp:rook
subjects:
- kind: ServiceAccount
name: rook-ceph-rgw
namespace: rook-ceph # namespace:cluster
---
# Grant the operator, agent, and discovery agents access to resources in the rook-ceph-system namespace
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
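Review bot: The two bindings added here, `rook-ceph-purge-osd-psp` and `rook-ceph-rgw-psp`, have no leading comment, while the neighbouring RoleBindings in this file each open with one (for example `# Allow the rgw pods in this namespace to work with configmaps`). I would add `# Allow the rook-ceph-purge-osd service account to use the rook PodSecurityPolicy` and `# Allow the rgw pods in this namespace to use the rook PodSecurityPolicy` above the respective `apiVersion` lines. Since PodSecurityPolicy is deprecated as of Kubernetes 1.21 and removed in 1.25, the comment could also say that these bindings only take effect on clusters where PSP admission is enabled, so a later cleanup can find them easily.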