apiVersion: v1 kind: ServiceAccount metadata: name: csi-synology-democratic-csi-controller-sa namespace: democratic-csi labels: app.kubernetes.io/name: democratic-csi --- apiVersion: v1 kind: ServiceAccount metadata: name: csi-synology-democratic-csi-node-sa namespace: democratic-csi labels: app.kubernetes.io/name: democratic-csi --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-synology-democratic-csi-controller-cr labels: app.kubernetes.io/name: democratic-csi rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - list - create - apiGroups: - resources: - persistentvolumes verbs: - create - delete - get - list - watch - update - patch - apiGroups: - resources: - secrets verbs: - get - list - apiGroups: - resources: - pods verbs: - get - list - watch - apiGroups: - resources: - persistentvolumeclaims verbs: - get - list - watch - update - patch - apiGroups: - resources: - persistentvolumeclaims/status verbs: - get - list - watch - update - patch - apiGroups: - resources: - nodes verbs: - get - list - watch - apiGroups: - storage.k8s.io resources: - volumeattachments verbs: - get - list - watch - update - patch - apiGroups: - storage.k8s.io resources: - volumeattachments/status verbs: - patch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - csi.storage.k8s.io resources: - csidrivers verbs: - get - list - watch - update - create - apiGroups: - resources: - events verbs: - list - watch - create - update - patch - apiGroups: - snapshot.storage.k8s.io resources: - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - snapshot.storage.k8s.io resources: - volumesnapshots/status verbs: - create - get - list - watch - update - patch - delete - apiGroups: - snapshot.storage.k8s.io resources: - volumesnapshotcontents verbs: - create - get - list - watch - update - patch - delete - apiGroups: - snapshot.storage.k8s.io resources: - volumesnapshotcontents/status verbs: - create - get - list - watch - update - patch - delete - apiGroups: - snapshot.storage.k8s.io resources: - volumesnapshots verbs: - create - get - list - watch - update - patch - delete - apiGroups: - storage.k8s.io resources: - csinodes verbs: - get - list - watch - apiGroups: - csi.storage.k8s.io resources: - csinodeinfos verbs: - get - list - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - watch - list - delete - update - create - apiGroups: - storage.k8s.io resources: - csistoragecapacities verbs: - get - list - watch - create - update - patch - delete - apiGroups: - resources: - pods verbs: - get - apiGroups: - apps resources: - daemonsets - deployments - replicasets - statefulsets verbs: - get --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-synology-democratic-csi-node-cr labels: app.kubernetes.io/name: democratic-csi rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - list - create - apiGroups: - resources: - nodes verbs: - get - list - watch - update - apiGroups: - resources: - persistentvolumes verbs: - get - list - watch - update - apiGroups: - storage.k8s.io resources: - volumeattachments verbs: - get - list - watch - update --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-synology-democratic-csi-controller-rb labels: app.kubernetes.io/name: democratic-csi roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io name: csi-synology-democratic-csi-controller-cr subjects: - kind: ServiceAccount name: csi-synology-democratic-csi-controller-sa namespace: democratic-csi --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-synology-democratic-csi-node-rb labels: app.kubernetes.io/name: democratic-csi roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io name: csi-synology-democratic-csi-node-cr subjects: - kind: ServiceAccount name: csi-synology-democratic-csi-node-sa namespace: democratic-csi