Skip to content

Commit

Permalink
Merge pull request #197 from bipuladh/token-review
Browse files Browse the repository at this point in the history 
Add TokenReview RBAC to support CSI addons security enhancements
  • Loading branch information
@Madhu-1
Madhu-1 authored Jan 27, 2025
2 parents 6d94112 + cc274a8 commit 589aa43
Show file tree
Hide file tree
Showing 5 changed files with 45 additions and 0 deletions.
3 changes: 3 additions & 0 deletions config/csi-rbac/cephfs_ctrlplugin_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,6 @@ rules:
- apiGroups: ["apps"]
resources: ["deployments/finalizers", "daemonsets/finalizers"]
verbs: ["update"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
3 changes: 3 additions & 0 deletions config/csi-rbac/rbd_ctrlplugin_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,6 @@ rules:
- apiGroups: ["apps"]
resources: ["deployments/finalizers", "daemonsets/finalizers"]
verbs: ["update"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
3 changes: 3 additions & 0 deletions config/csi-rbac/rbd_nodeplugin_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,6 @@ rules:
- apiGroups: ["apps"]
resources: ["deployments/finalizers", "daemonsets/finalizers"]
verbs: ["update"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
18 changes: 18 additions & 0 deletions deploy/all-in-one/install.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14120,6 +14120,12 @@ rules:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
Expand Down Expand Up @@ -14207,6 +14213,12 @@ rules:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
Expand Down Expand Up @@ -14242,6 +14254,12 @@ rules:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand Down
18 changes: 18 additions & 0 deletions deploy/multifile/csi-rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,12 @@ rules:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
Expand Down Expand Up @@ -125,6 +131,12 @@ rules:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
Expand Down Expand Up @@ -160,6 +172,12 @@ rules:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand Down

0 comments on commit 589aa43

Please sign in to comment.