Merge pull request #230 from guptaNswati/add-deployment-permissions

guptaNswati · web-flow · commit fe6460971af3 · 2025-01-30T17:31:45.000-08:00
Add rbac for deployment
diff --git a/deployments/helm/k8s-dra-driver/templates/clusterrole.yaml b/deployments/helm/k8s-dra-driver/templates/clusterrole.yaml
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "k8s-dra-driver.fullname" . }}-role
+  name: {{ include "k8s-dra-driver.fullname" . }}-cluster-role
   namespace: {{ include "k8s-dra-driver.namespace" . }}
 rules:
 - apiGroups: ["resource.k8s.io"]
diff --git a/deployments/helm/k8s-dra-driver/templates/clusterrolebinding.yaml b/deployments/helm/k8s-dra-driver/templates/clusterrolebinding.yaml
@@ -2,13 +2,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "k8s-dra-driver.fullname" . }}-role-binding
+  name: {{ include "k8s-dra-driver.fullname" . }}-cluster-role-binding
   namespace: {{ include "k8s-dra-driver.namespace" . }}
 subjects:
 - kind: ServiceAccount
   name: {{ include "k8s-dra-driver.serviceAccountName" . }}
   namespace: {{ include "k8s-dra-driver.namespace" . }}
 roleRef:
   kind: ClusterRole
-  name: {{ include "k8s-dra-driver.fullname" . }}-role
+  name: {{ include "k8s-dra-driver.fullname" . }}-cluster-role
   apiGroup: rbac.authorization.k8s.io
diff --git a/deployments/helm/k8s-dra-driver/templates/role.yaml b/deployments/helm/k8s-dra-driver/templates/role.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "k8s-dra-driver.fullname" . }}-role
+  namespace: {{ include "k8s-dra-driver.namespace" . }}
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
diff --git a/deployments/helm/k8s-dra-driver/templates/rolebinding.yaml b/deployments/helm/k8s-dra-driver/templates/rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "k8s-dra-driver.fullname" . }}-role-binding
+  namespace: {{ include "k8s-dra-driver.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "k8s-dra-driver.serviceAccountName" . }}
+  namespace: {{ include "k8s-dra-driver.namespace" . }}
+roleRef:
+  kind: Role
+  name: {{ include "k8s-dra-driver.fullname" . }}-role
+  apiGroup: rbac.authorization.k8s.io
