Deploy local-path with helm
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
fdbebb2d57
commit
74333953a8
GPG key ID:
DA7B27055C66D6DE
18 changed files with 211 additions and 224 deletions
49
files/local-path/ClusterRole.yml
Normal file
49
files/local-path/ClusterRole.yml
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: local-path-provisioner
|
||||
app.kubernetes.io/name: local-path-provisioner
|
||||
name: local-path-provisioner
|
||||
rules:
|
||||
- apiGroups:
|
||||
- policy
|
||||
resourceNames:
|
||||
- local-path-policy
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- persistentvolumeclaims
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
- persistentvolumes
|
||||
- pods
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- storage.k8s.io
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
15
files/local-path/ClusterRoleBinding.yml
Normal file
15
files/local-path/ClusterRoleBinding.yml
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: local-path-provisioner
|
||||
app.kubernetes.io/name: local-path-provisioner
|
||||
name: local-path-provisioner
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: local-path-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: local-path-provisioner
|
||||
namespace: local-path-storage
|
||||
24
files/local-path/PodSecurityPolicy.yml
Normal file
24
files/local-path/PodSecurityPolicy.yml
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: local-path-policy
|
||||
spec:
|
||||
privileged: true
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
allowedCapabilities:
|
||||
- DAC_READ_SEARCH
|
||||
- SYS_RESOURCE
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- persistentVolumeClaim
|
||||
- secret
|
||||
- hostPath
|
||||
7
files/local-path/ServiceAccount.yml
Normal file
7
files/local-path/ServiceAccount.yml
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: local-path-provisioner
|
||||
app.kubernetes.io/name: local-path-provisioner
|
||||
name: local-path-provisioner
|
||||
Loading…
Add table
Add a link
Reference in a new issue