Skip to content

Commit 41c747f

Browse files
uhthomasuhthomas
committed
chore(k8s/magiclove/rook-ceph): upgrade to v1.17.8
1 parent 0d724c3 commit 41c747f

File tree

5 files changed

+699
-55
lines changed

5 files changed

+699
-55
lines changed

k8s/magiclove/rook_ceph/BUILD.bazel

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,6 @@ cue_library(
3030
"//cue.mod/gen/github.com/VictoriaMetrics/operator/api/operator/v1beta1:cue_v1beta1_library",
3131
"//cue.mod/gen/github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1:cue_v1_library",
3232
"//cue.mod/gen/github.com/rook/rook/pkg/apis/ceph.rook.io/v1:cue_v1_library",
33-
"//cue.mod/gen/k8s.io/api/admissionregistration/v1:cue_v1_library",
3433
"//cue.mod/gen/k8s.io/api/apps/v1:cue_v1_library",
3534
"//cue.mod/gen/k8s.io/api/batch/v1:cue_v1_library",
3635
"//cue.mod/gen/k8s.io/api/coordination/v1:cue_v1_library",

k8s/magiclove/rook_ceph/cluster_role_list.cue

Lines changed: 59 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
package rook_ceph
22

33
import (
4-
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
54
appsv1 "k8s.io/api/apps/v1"
65
batchv1 "k8s.io/api/batch/v1"
76
"k8s.io/api/core/v1"
@@ -26,13 +25,37 @@ import (
2625
apiGroups: [v1.#GroupName]
2726
resources: ["nodes"]
2827
verbs: ["get"]
28+
}, {
29+
apiGroups: [v1.#GroupName]
30+
resources: ["secrets"]
31+
verbs: ["get"]
32+
}, {
33+
apiGroups: [v1.#GroupName]
34+
resources: ["configmaps"]
35+
verbs: ["get"]
36+
}, {
37+
apiGroups: [v1.#GroupName]
38+
resources: ["serviceaccounts"]
39+
verbs: ["get"]
40+
}, {
41+
apiGroups: [v1.#GroupName]
42+
resources: ["serviceaccounts/token"]
43+
verbs: ["create"]
2944
}]
3045
}, {
3146
metadata: name: "cephfs-external-provisioner-runner"
3247
rules: [{
3348
apiGroups: [v1.#GroupName]
3449
resources: ["secrets"]
3550
verbs: ["get", "list"]
51+
}, {
52+
apiGroups: [v1.#GroupName]
53+
resources: ["configmaps"]
54+
verbs: ["get"]
55+
}, {
56+
apiGroups: [v1.#GroupName]
57+
resources: ["nodes"]
58+
verbs: ["get", "list", "watch"]
3659
}, {
3760
apiGroups: [storagev1.#GroupName]
3861
resources: ["csinodes"]
@@ -93,6 +116,18 @@ import (
93116
apiGroups: ["groupsnapshot.storage.k8s.io"]
94117
resources: ["volumegroupsnapshotcontents/status"]
95118
verbs: ["update", "patch"]
119+
}, {
120+
apiGroups: [v1.#GroupName]
121+
resources: ["serviceaccounts"]
122+
verbs: ["get"]
123+
}, {
124+
apiGroups: [v1.#GroupName]
125+
resources: ["serviceaccounts/token"]
126+
verbs: ["create"]
127+
}, {
128+
apiGroups: ["authentication.k8s.io"]
129+
resources: ["tokenreviews"]
130+
verbs: ["create"]
96131
}]
97132
}, {
98133
metadata: {
@@ -131,6 +166,10 @@ import (
131166
apiGroups: [v1.#GroupName]
132167
resources: ["nodes"]
133168
verbs: ["get"]
169+
}, {
170+
apiGroups: ["authentication.k8s.io"]
171+
resources: ["tokenreviews"]
172+
verbs: ["create"]
134173
}]
135174
}, {
136175
metadata: name: "rbd-external-provisioner-runner"
@@ -218,6 +257,22 @@ import (
218257
apiGroups: [v1.#GroupName]
219258
resources: ["nodes"]
220259
verbs: ["get", "list", "watch"]
260+
}, {
261+
apiGroups: ["gateway.networking.k8s.io"]
262+
resources: ["referencegrants"]
263+
verbs: ["get", "list", "watch"]
264+
}, {
265+
apiGroups: ["replication.storage.openshift.io"]
266+
resources: ["volumegroupreplicationcontents"]
267+
verbs: ["get", "list", "watch"]
268+
}, {
269+
apiGroups: ["replication.storage.openshift.io"]
270+
resources: ["volumegroupreplicationclasses"]
271+
verbs: ["get", "list", "watch"]
272+
}, {
273+
apiGroups: ["authentication.k8s.io"]
274+
resources: ["tokenreviews"]
275+
verbs: ["create"]
221276
}]
222277
}, {
223278
metadata: {
@@ -247,8 +302,8 @@ import (
247302
resources: ["pods", "nodes", "nodes/proxy", "secrets", "configmaps"]
248303
verbs: ["get", "list", "watch"]
249304
}, {
250-
apiGroups: [v1.#GroupName]
251-
resources: ["events", "persistentvolumes", "persistentvolumeclaims", "endpoints", "services"]
305+
apiGroups: [v1.#GroupName, "discovery.k8s.io"]
306+
resources: ["events", "persistentvolumes", "persistentvolumeclaims", "endpoints", "services", "endpointslices", "endpointslices/restricted"]
252307
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"]
253308
}, {
254309
apiGroups: [storagev1.#GroupName]
@@ -259,7 +314,6 @@ import (
259314
resources: ["jobs", "cronjobs"]
260315
verbs: ["get", "list", "watch", "create", "update", "delete", "deletecollection"]
261316
}, {
262-
// The Rook operator must be able to watch all ceph.rook.io resources to reconcile them.
263317
apiGroups: ["ceph.rook.io"]
264318
resources: [
265319
"cephclients",
@@ -282,8 +336,6 @@ import (
282336
]
283337
verbs: ["get", "list", "watch", "update"]
284338
}, {
285-
// Ideally the update permission is not required, but Rook needs it to add finalizers to resources.
286-
// Rook must have update access to status subresources for its custom resources.
287339
apiGroups: ["ceph.rook.io"]
288340
resources: [
289341
"cephclients/status",
@@ -439,14 +491,10 @@ import (
439491
apiGroups: [v1.#GroupName]
440492
resources: ["pods/exec"]
441493
verbs: ["create"]
442-
}, {
443-
apiGroups: [admissionregistrationv1.#GroupName]
444-
resources: ["validatingwebhookconfigurations"]
445-
verbs: ["create", "get", "delete", "update"]
446494
}, {
447495
apiGroups: ["csiaddons.openshift.io"]
448496
resources: ["networkfences"]
449-
verbs: ["create", "get", "update", "delete", "watch", "list"]
497+
verbs: ["create", "get", "update", "delete", "watch", "list", "deletecollection"]
450498
}, {
451499
apiGroups: ["apiextensions.k8s.io"]
452500
resources: ["customresourcedefinitions"]

0 commit comments

Comments
 (0)