Update secret-store rbac
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
b883b17fe7
commit
766e34dbf3
3 changed files with 34 additions and 7 deletions
|
|
@ -12,8 +12,6 @@ spec:
|
||||||
labels:
|
labels:
|
||||||
app: csi-secrets-store
|
app: csi-secrets-store
|
||||||
spec:
|
spec:
|
||||||
nodeSelector:
|
|
||||||
beta.kubernetes.io/os: linux
|
|
||||||
serviceAccountName: secrets-store-csi-driver
|
serviceAccountName: secrets-store-csi-driver
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
containers:
|
containers:
|
||||||
|
|
@ -45,12 +43,13 @@ spec:
|
||||||
- name: registration-dir
|
- name: registration-dir
|
||||||
mountPath: /registration
|
mountPath: /registration
|
||||||
- name: secrets-store
|
- name: secrets-store
|
||||||
image: docker.io/deislabs/secrets-store-csi:v0.0.11
|
image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12
|
||||||
args:
|
args:
|
||||||
- "--debug=true"
|
- "--debug=true"
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
- "--nodeid=$(KUBE_NODE_NAME)"
|
- "--nodeid=$(KUBE_NODE_NAME)"
|
||||||
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
|
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
|
||||||
|
- "--metrics-addr=:8080"
|
||||||
env:
|
env:
|
||||||
- name: CSI_ENDPOINT
|
- name: CSI_ENDPOINT
|
||||||
value: unix:///csi/csi.sock
|
value: unix:///csi/csi.sock
|
||||||
|
|
@ -83,12 +82,13 @@ spec:
|
||||||
- name: providers-dir
|
- name: providers-dir
|
||||||
mountPath: /etc/kubernetes/secrets-store-csi-providers
|
mountPath: /etc/kubernetes/secrets-store-csi-providers
|
||||||
- name: liveness-probe
|
- name: liveness-probe
|
||||||
image: quay.io/k8scsi/livenessprobe:v1.1.0
|
image: quay.io/k8scsi/livenessprobe:v2.0.0
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
args:
|
args:
|
||||||
- --csi-address=/csi/csi.sock
|
- --csi-address=/csi/csi.sock
|
||||||
- --probe-timeout=3s
|
- --probe-timeout=3s
|
||||||
- --health-port=9808
|
- --health-port=9808
|
||||||
|
- -v=2
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: plugin-dir
|
- name: plugin-dir
|
||||||
mountPath: /csi
|
mountPath: /csi
|
||||||
|
|
@ -109,3 +109,5 @@ spec:
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/kubernetes/secrets-store-csi-providers
|
path: /etc/kubernetes/secrets-store-csi-providers
|
||||||
type: DirectoryOrCreate
|
type: DirectoryOrCreate
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ rules:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- update
|
- update
|
||||||
|
- watch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- secrets-store.csi.x-k8s.io
|
- secrets-store.csi.x-k8s.io
|
||||||
resources:
|
resources:
|
||||||
|
|
@ -19,6 +20,7 @@ rules:
|
||||||
- get
|
- get
|
||||||
- patch
|
- patch
|
||||||
- update
|
- update
|
||||||
|
- watch
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|
@ -28,3 +30,26 @@ rules:
|
||||||
- delete
|
- delete
|
||||||
- get
|
- get
|
||||||
- update
|
- update
|
||||||
|
- patch
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- secrets-store.csi.x-k8s.io
|
||||||
|
resources:
|
||||||
|
- secretproviderclasspodstatuses
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- secrets-store.csi.x-k8s.io
|
||||||
|
resources:
|
||||||
|
- secretproviderclasspodstatuses/status
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.2.4
|
controller-gen.kubebuilder.io/version: v0.3.0
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
name: secretproviderclasses.secrets-store.csi.x-k8s.io
|
name: secretproviderclasses.secrets-store.csi.x-k8s.io
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -21,12 +21,12 @@ spec:
|
||||||
apiVersion:
|
apiVersion:
|
||||||
description: 'APIVersion defines the versioned schema of this representation
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
of an object. Servers should convert recognized schemas to the latest
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
type: string
|
type: string
|
||||||
kind:
|
kind:
|
||||||
description: 'Kind is a string value representing the REST resource this
|
description: 'Kind is a string value representing the REST resource this
|
||||||
object represents. Servers may infer this from the endpoint the client
|
object represents. Servers may infer this from the endpoint the client
|
||||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
type: object
|
type: object
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue