From 114b6eb404fa00eabd2062896c9fb521e57f05a1 Mon Sep 17 00:00:00 2001 From: Praveen M Date: Mon, 27 Jan 2025 19:29:14 +0530 Subject: [PATCH] csi: update RBACs needed for csi-omap-generator sidecar ceph/ceph-csi/pull/4750 added a new controller that watches for the VolumeGroupReplicationContent CR and regenerates the OMAP data. This change needs RBACs for VolumeGroupReplicationContent and VolumeGroupReplicationClass CR. This commit updates the same for the `rbd-external-provisioner-runner` ClusterRole. Signed-off-by: Praveen M --- deploy/charts/rook-ceph/templates/clusterrole.yaml | 6 ++++++ deploy/examples/common.yaml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/deploy/charts/rook-ceph/templates/clusterrole.yaml b/deploy/charts/rook-ceph/templates/clusterrole.yaml index cc3735b7cc63..76f79d9221f9 100644 --- a/deploy/charts/rook-ceph/templates/clusterrole.yaml +++ b/deploy/charts/rook-ceph/templates/clusterrole.yaml @@ -655,6 +655,12 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationclasses"] + verbs: ["get", "list", "watch"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deploy/examples/common.yaml b/deploy/examples/common.yaml index c5c8d502fc15..08b9de99a8fb 100644 --- a/deploy/examples/common.yaml +++ b/deploy/examples/common.yaml @@ -216,6 +216,12 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationclasses"] + verbs: ["get", "list", "watch"] --- # The cluster role for managing all the cluster-specific resources in a namespace apiVersion: rbac.authorization.k8s.io/v1