diff --git a/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-attacher.yaml b/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-attacher.yaml index 9d434d4c..5844316c 100644 --- a/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-attacher.yaml +++ b/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-attacher.yaml @@ -1,24 +1,19 @@ +# k8s.gcr.io/sig-storage/csi-attacher@v3.4.0 --- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-attacher rules: -- apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] -- apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] -- apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] -- apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] -- apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] diff --git a/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-provisioner.yaml b/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-provisioner.yaml index 6635b351..866479d3 100644 --- a/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-provisioner.yaml +++ b/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-provisioner.yaml @@ -1,27 +1,34 @@ +# k8s.gcr.io/sig-storage/csi-provisioner@v2.2.2 --- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-provisioner rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] -- apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "patch"] -- apiGroups: [""] - resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"] - verbs: ["get", "list", "watch", "update", "patch"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] diff --git a/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-resizer.yaml b/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-resizer.yaml index 29abbe9c..1ff1dca9 100644 --- a/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-resizer.yaml +++ b/charts/internal/shoot-system-components/charts/csi-ionos/templates/clusterrole-csi-resizer.yaml @@ -1,9 +1,22 @@ +# k8s.gcr.io/sig-storage/csi-resizer@v1.4.0 --- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-resizer rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] diff --git a/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-attacher.yaml b/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-attacher.yaml index 59e82943..59a0f91b 100644 --- a/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-attacher.yaml +++ b/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-attacher.yaml @@ -1,6 +1,7 @@ +# k8s.gcr.io/sig-storage/csi-attacher@v3.4.0 --- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-attacher namespace: {{ .Release.Namespace }} diff --git a/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-provisioner.yaml b/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-provisioner.yaml index fd61396f..15965bfd 100644 --- a/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-provisioner.yaml +++ b/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-provisioner.yaml @@ -1,6 +1,7 @@ +# k8s.gcr.io/sig-storage/csi-provisioner@v2.2.2 --- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-provisioner namespace: {{ .Release.Namespace }} @@ -8,3 +9,12 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get"] +- apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] diff --git a/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-resizer.yaml b/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-resizer.yaml index ecacfd09..ae84ee44 100644 --- a/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-resizer.yaml +++ b/charts/internal/shoot-system-components/charts/csi-ionos/templates/role-csi-resizer.yaml @@ -1,6 +1,7 @@ +# k8s.gcr.io/sig-storage/csi-resizer@v1.4.0 --- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-resizer namespace: {{ .Release.Namespace }}