From 119504c0045dee877b4b0298ee3f532d3ca690ec Mon Sep 17 00:00:00 2001
From: Madhu Rajanna
Date: Wed, 27 Feb 2019 16:44:46 +0530
Subject: [PATCH] Add role and rolebinding for cephfs
Signed-off-by: Madhu Rajanna
---
.../helm/templates/provisioner-role.yaml | 19 +++++++++++++++++
.../templates/provisioner-rolebinding.yaml | 21 +++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 deploy/cephfs/helm/templates/provisioner-role.yaml
create mode 100644 deploy/cephfs/helm/templates/provisioner-rolebinding.yaml
diff --git a/deploy/cephfs/helm/templates/provisioner-role.yaml b/deploy/cephfs/helm/templates/provisioner-role.yaml
new file mode 100644
index 000000000..c6f28c40e
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-role.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/provisioner-rolebinding.yaml b/deploy/cephfs/helm/templates/provisioner-rolebinding.yaml
new file mode 100644
index 000000000..63dc9503b
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-rolebinding.yaml
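Review bot: The two rules in the new Role in provisioner-role.yaml carry no `resourceNames`, so the provisioner's service account can update or delete every Endpoints object and create or delete every ConfigMap in the release namespace, which is broader than needed if the chart is installed into a namespace shared with other workloads. If the objects the provisioner touches have fixed names, split the non-create verbs into a rule with `resourceNames: ["<object-name-placeholder>"]` and keep only `create` unscoped, since `create` cannot be restricted by name. If the names are dynamic, a comment above each rule saying which component needs it (for example `# endpoints: leader election — confirm`) would let a reviewer audit the grant. The label values are also unquoted template output; `release: {{ .Release.Name | quote }}` avoids a numeric-looking release name rendering as a non-string label, and the same applies to the labels in provisioner-rolebinding.yaml.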
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
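Review bot: The trailing `namespace: {{ .Release.Namespace }}` after `apiGroup` in `roleRef` is not a field of the RBAC v1 RoleRef type, which has only `apiGroup`, `kind` and `name` (indentation is lost on this page, so this assumes the line sits under `roleRef`, as its position suggests; as a top-level key it would be equally unknown). Depending on how the manifest is validated it is either rejected or silently dropped, and it reads as if the binding could point at a Role in another namespace, which a RoleBinding cannot do: the Role is always resolved in the binding's own namespace. Drop the line, and if the namespace should be explicit put it under `metadata` as `namespace: {{ .Release.Namespace }}` in both this file and provisioner-role.yaml so the Role and its binding are visibly co-located.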