From cabcac56a960898b9f9cee1046124a59783cca59 Mon Sep 17 00:00:00 2001
From: Drew Sirenko <68304519+AndrewSirenko@users.noreply.github.com>
Date: Fri, 22 Sep 2023 15:58:52 -0400
Subject: [PATCH] feat(helm): add to additionalClusterRoleRules to sidecar chart templates
---
 .../templates/clusterrole-attacher.yaml | 3 +++
 .../templates/clusterrole-provisioner.yaml | 3 +++
 .../aws-ebs-csi-driver/templates/clusterrole-resizer.yaml | 3 +++
 .../templates/clusterrole-snapshotter.yaml | 3 +++
 charts/aws-ebs-csi-driver/values.yaml | 8 ++++++++
 5 files changed, 20 insertions(+)
diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml
index 816fdf66ed..bff6577b34 100644
--- a/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml
+++ b/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml
@@ -21,3 +21,6 @@ rules:
 - apiGroups: [ "storage.k8s.io" ]
 resources: [ "volumeattachments/status" ]
 verbs: [ "patch" ]
+ {{- with .Values.sidecars.attacher.additionalClusterRoleRules }}
+ {{- . | toYaml | nindent 2 }}
+ {{- end }}
diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml
index c8f737df42..7b75148beb 100644
--- a/charts/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml
+++ b/charts/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml
@@ -33,3 +33,6 @@ rules:
 - apiGroups: [ "storage.k8s.io" ]
 resources: [ "volumeattachments" ]
 verbs: [ "get", "list", "watch" ]
+ {{- with .Values.sidecars.provisioner.additionalClusterRoleRules }}
+ {{- . | toYaml | nindent 2 }}
+ {{- end }}
diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml
index 065f3aba2b..c6d76d300d 100644
--- a/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml
+++ b/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml
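Review bot: The value of `.Values.sidecars.attacher.additionalClusterRoleRules` is appended to `rules:` through `toYaml` as-is, with no check that it is a list and no limit on what it grants; the provisioner, resizer and snapshotter hunks use the same three lines. Judging by the file names these are ClusterRoles, so every entry, including `*` verbs or resources, becomes cluster-wide permission for that sidecar's identity and should be handled as a reviewed, least-privilege setting. A type guard inside the `with` block, e.g. `{{- if not (kindIs "slice" .) }}{{ fail "sidecars.attacher.additionalClusterRoleRules must be a list of RBAC rules" }}{{- end }}`, would turn a map-shaped value into a clear render error rather than a malformed manifest. The ClusterRole's metadata and its earlier rules are outside the hunk.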
@@ -29,3 +29,6 @@ rules:
 - apiGroups: [ "" ]
 resources: [ "pods" ]
 verbs: [ "get", "list", "watch" ]
+ {{- with .Values.sidecars.resizer.additionalClusterRoleRules }}
+ {{- . | toYaml | nindent 2 }}
+ {{- end }}
diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml
index 38e688a8a2..3ef76a3247 100644
--- a/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml
+++ b/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml
@@ -25,3 +25,6 @@ rules:
 - apiGroups: [ "snapshot.storage.k8s.io" ]
 resources: [ "volumesnapshotcontents/status" ]
 verbs: [ "update" ]
+ {{- with .Values.sidecars.snapshotter.additionalClusterRoleRules }}
+ {{- . | toYaml | nindent 2 }}
+ {{- end }}
diff --git a/charts/aws-ebs-csi-driver/values.yaml b/charts/aws-ebs-csi-driver/values.yaml
index 3e8dc1cb94..43c3584c5a 100644
--- a/charts/aws-ebs-csi-driver/values.yaml
+++ b/charts/aws-ebs-csi-driver/values.yaml
@@ -23,6 +23,8 @@ sidecars:
 logLevel: 2
 # Additional parameters provided by external-provisioner.
 additionalArgs: []
+ # Grant additional permissions to external-provisioner
+ additionalClusterRoleRules:
 resources: {}
 # Tune leader lease election for csi-provisioner.
 # Leader election is on by default.
@@ -56,6 +58,8 @@ sidecars:
 logLevel: 2
 # Additional parameters provided by external-attacher.
 additionalArgs: []
+ # Grant additional permissions to external-attacher
+ additionalClusterRoleRules: []
 resources: {}
 securityContext:
 readOnlyRootFilesystem: true
@@ -71,6 +75,8 @@ sidecars:
 logLevel: 2
 # Additional parameters provided by csi-snapshotter.
 additionalArgs: []
+ # Grant additional permissions to csi-snapshotter
+ additionalClusterRoleRules: []
 resources: {}
 securityContext:
 readOnlyRootFilesystem: true
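Review bot: The provisioner default in the `@@ -23,6 +23,8 @@` hunk is a bare `additionalClusterRoleRules:`, which parses as null, while the attacher, snapshotter and resizer defaults in the later hunks are `additionalClusterRoleRules: []`. The `with` guard in the template treats null and an empty list alike, so rendering is unaffected, but the null default is inconsistent with its siblings and would fail a values schema or type check that expects a list. Suggest `additionalClusterRoleRules: []` here as well.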
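Review bot: The comment `# Grant additional permissions to external-attacher` in the `@@ -56,6 +58,8 @@` hunk does not say what shape the value takes or that the permissions are cluster-scoped; the provisioner, snapshotter and resizer hunks use the same wording. Suggest something like `# Extra RBAC rules (list of apiGroups/resources/verbs entries) appended to the external-attacher ClusterRole; they apply cluster-wide, so grant only what is needed`. A short commented-out example entry beneath it would also help users avoid passing a map where a list is expected.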
@@ -105,6 +111,8 @@ sidecars:
 logLevel: 2
 # Additional parameters provided by external-resizer.
 additionalArgs: []
+ # Grant additional permissions to external-resizer
+ additionalClusterRoleRules: []
 resources: {}
 securityContext:
 readOnlyRootFilesystem: true