diff --git a/charts/rook-nfs-operator/v0.1.0/templates/rbac.yaml b/charts/rook-nfs-operator/v0.1.0/templates/rbac.yaml index 2f2f8dc..b17d443 100644 --- a/charts/rook-nfs-operator/v0.1.0/templates/rbac.yaml +++ b/charts/rook-nfs-operator/v0.1.0/templates/rbac.yaml @@ -91,4 +91,38 @@ rules: - get - patch - update +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rook-nfs-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["get"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["rook-nfs-policy"] + verbs: ["use"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: + - nfs.rook.io + resources: + - "*" + verbs: + - "*" {{ end }} \ No newline at end of file