Skip to content

Commit 589aa43

Browse files
Madhu-1Madhu-1
authored
Merge pull request #197 from bipuladh/token-review
Add TokenReview RBAC to support CSI addons security enhancements
2 parents 6d94112 + cc274a8 commit 589aa43

File tree

5 files changed

+45
-0
lines changed

5 files changed

+45
-0
lines changed

config/csi-rbac/cephfs_ctrlplugin_role.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,3 +18,6 @@ rules:
1818
- apiGroups: ["apps"]
1919
resources: ["deployments/finalizers", "daemonsets/finalizers"]
2020
verbs: ["update"]
21+
- apiGroups: ["authentication.k8s.io"]
22+
resources: ["tokenreviews"]
23+
verbs: ["create"]

config/csi-rbac/rbd_ctrlplugin_role.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,3 +18,6 @@ rules:
1818
- apiGroups: ["apps"]
1919
resources: ["deployments/finalizers", "daemonsets/finalizers"]
2020
verbs: ["update"]
21+
- apiGroups: ["authentication.k8s.io"]
22+
resources: ["tokenreviews"]
23+
verbs: ["create"]

config/csi-rbac/rbd_nodeplugin_role.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,3 +15,6 @@ rules:
1515
- apiGroups: ["apps"]
1616
resources: ["deployments/finalizers", "daemonsets/finalizers"]
1717
verbs: ["update"]
18+
- apiGroups: ["authentication.k8s.io"]
19+
resources: ["tokenreviews"]
20+
verbs: ["create"]

deploy/all-in-one/install.yaml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14120,6 +14120,12 @@ rules:
1412014120
- daemonsets/finalizers
1412114121
verbs:
1412214122
- update
14123+
- apiGroups:
14124+
- authentication.k8s.io
14125+
resources:
14126+
- tokenreviews
14127+
verbs:
14128+
- create
1412314129
---
1412414130
apiVersion: rbac.authorization.k8s.io/v1
1412514131
kind: Role
@@ -14207,6 +14213,12 @@ rules:
1420714213
- daemonsets/finalizers
1420814214
verbs:
1420914215
- update
14216+
- apiGroups:
14217+
- authentication.k8s.io
14218+
resources:
14219+
- tokenreviews
14220+
verbs:
14221+
- create
1421014222
---
1421114223
apiVersion: rbac.authorization.k8s.io/v1
1421214224
kind: Role
@@ -14242,6 +14254,12 @@ rules:
1424214254
- daemonsets/finalizers
1424314255
verbs:
1424414256
- update
14257+
- apiGroups:
14258+
- authentication.k8s.io
14259+
resources:
14260+
- tokenreviews
14261+
verbs:
14262+
- create
1424514263
---
1424614264
apiVersion: rbac.authorization.k8s.io/v1
1424714265
kind: ClusterRole

deploy/multifile/csi-rbac.yaml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,12 @@ rules:
7979
- daemonsets/finalizers
8080
verbs:
8181
- update
82+
- apiGroups:
83+
- authentication.k8s.io
84+
resources:
85+
- tokenreviews
86+
verbs:
87+
- create
8288
---
8389
apiVersion: rbac.authorization.k8s.io/v1
8490
kind: Role
@@ -125,6 +131,12 @@ rules:
125131
- daemonsets/finalizers
126132
verbs:
127133
- update
134+
- apiGroups:
135+
- authentication.k8s.io
136+
resources:
137+
- tokenreviews
138+
verbs:
139+
- create
128140
---
129141
apiVersion: rbac.authorization.k8s.io/v1
130142
kind: Role
@@ -160,6 +172,12 @@ rules:
160172
- daemonsets/finalizers
161173
verbs:
162174
- update
175+
- apiGroups:
176+
- authentication.k8s.io
177+
resources:
178+
- tokenreviews
179+
verbs:
180+
- create
163181
---
164182
apiVersion: rbac.authorization.k8s.io/v1
165183
kind: ClusterRole

0 commit comments

Comments
 (0)