csi: update RBACs needed for csi-omap-generator sidecar

ceph/ceph-csi/pull/4750 added a new controller that watches for the VolumeGroupReplicationContent CR and regenerates the OMAP data. This change needs RBACs for VolumeGroupReplicationContent and VolumeGroupReplicationClass CR. This commit updates the same for the `rbd-external-provisioner-runner` ClusterRole. Signed-off-by: Praveen M <[email protected]>
iPraveenParihar · Jan 29, 2025 · 114b6eb · 114b6eb
1 parent 7031e92
commit 114b6eb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/deploy/charts/rook-ceph/templates/clusterrole.yaml b/deploy/charts/rook-ceph/templates/clusterrole.yaml
@@ -655,6 +655,12 @@ rules:
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationcontents"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationclasses"]
+    verbs: ["get", "list", "watch"]
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/deploy/examples/common.yaml b/deploy/examples/common.yaml
@@ -216,6 +216,12 @@ rules:
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationcontents"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationclasses"]
+    verbs: ["get", "list", "watch"]
 ---
 # The cluster role for managing all the cluster-specific resources in a namespace
 apiVersion: rbac.authorization.k8s.io/v1