728024e8ff
- cephfs-provisioner 06fddbe2 (https://github.com/kubernetes-incubator/external-storage/tree/06fddbe2/ceph/cephfs) Noteable changes from upstream: - Added storage class parameters to specify a root path within the backing cephfs and, optionally, use deterministic directory and user names (https://github.com/kubernetes-incubator/external-storage/pull/696) - Support capacity (https://github.com/kubernetes-incubator/external-storage/pull/770) - Enable metrics server (https://github.com/kubernetes-incubator/external-storage/pull/797) Other noteable changes: - Clean up legacy manifests file naming - Remove legacy manifests, namespace and storageclass before upgrade - `cephfs_provisioner_monitors` simplified as string - Default to new deterministic naming - Add `reclaimPolicy` support in StorageClass With legacy non-deterministic naming style (where $UUID are generated ramdonly): - cephfs_provisioner_claim_root: /volumes/kubernetes - cephfs_provisioner_deterministic_names: false - Generated CephFS volume: /volumes/kubernetes/kubernetes-dynamic-pvc-$UUID - Generated CephFS user: kubernetes-dynamic-user-$UUID With new default deterministic naming style (where $NAMESPACE and $PVC are predictable): - cephfs_provisioner_claim_root: /volumes - cephfs_provisioner_deterministic_names: true - Generated CephFS volume: /volumes/$NAMESPACE/$PVC - Generated CephFS user: k8s.$NAMESPACE.$PVC
22 lines
670 B
Django/Jinja
22 lines
670 B
Django/Jinja
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: cephfs-provisioner
|
|
namespace: {{ cephfs_provisioner_namespace }}
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumes"]
|
|
verbs: ["get", "list", "watch", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumeclaims"]
|
|
verbs: ["get", "list", "watch", "update"]
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["storageclasses"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["events"]
|
|
verbs: ["list", "watch", "create", "update", "patch"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "create", "delete"]
|