kubernetes/democratic-csi/rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-synology-democratic-csi-controller-sa
  namespace: democratic-csi
  labels:
    app.kubernetes.io/name: democratic-csi

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-synology-democratic-csi-node-sa
  namespace: democratic-csi
  labels:
    app.kubernetes.io/name: democratic-csi

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-synology-democratic-csi-controller-cr
  labels:
    app.kubernetes.io/name: democratic-csi
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - list
  - create
- apiGroups:
  - 
  resources:
  - persistentvolumes
  verbs:
  - create
  - delete
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - 
  resources:
  - secrets
  verbs:
  - get
  - list
- apiGroups:
  - 
  resources:
  - pods
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - 
  resources:
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - 
  resources:
  - persistentvolumeclaims/status
  verbs:
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - 
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - storage.k8s.io
  resources:
  - volumeattachments
  verbs:
  - get
  - list
  - watch
  - update
  - patch
- apiGroups:
  - storage.k8s.io
  resources:
  - volumeattachments/status
  verbs:
  - patch
- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - csi.storage.k8s.io
  resources:
  - csidrivers
  verbs:
  - get
  - list
  - watch
  - update
  - create
- apiGroups:
  - 
  resources:
  - events
  verbs:
  - list
  - watch
  - create
  - update
  - patch
- apiGroups:
  - snapshot.storage.k8s.io
  resources:
  - volumesnapshotclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - snapshot.storage.k8s.io
  resources:
  - volumesnapshots/status
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - snapshot.storage.k8s.io
  resources:
  - volumesnapshotcontents
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - snapshot.storage.k8s.io
  resources:
  - volumesnapshotcontents/status
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - snapshot.storage.k8s.io
  resources:
  - volumesnapshots
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - storage.k8s.io
  resources:
  - csinodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - csi.storage.k8s.io
  resources:
  - csinodeinfos
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - watch
  - list
  - delete
  - update
  - create
- apiGroups:
  - storage.k8s.io
  resources:
  - csistoragecapacities
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - 
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - apps
  resources:
  - daemonsets
  - deployments
  - replicasets
  - statefulsets
  verbs:
  - get

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-synology-democratic-csi-node-cr
  labels:
    app.kubernetes.io/name: democratic-csi
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - list
  - create
- apiGroups:
  - 
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
  - update
- apiGroups:
  - 
  resources:
  - persistentvolumes
  verbs:
  - get
  - list
  - watch
  - update
- apiGroups:
  - storage.k8s.io
  resources:
  - volumeattachments
  verbs:
  - get
  - list
  - watch
  - update

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-synology-democratic-csi-controller-rb
  labels:
    app.kubernetes.io/name: democratic-csi
roleRef:
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
  name: csi-synology-democratic-csi-controller-cr
subjects:
- kind: ServiceAccount
  name: csi-synology-democratic-csi-controller-sa
  namespace: democratic-csi

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-synology-democratic-csi-node-rb
  labels:
    app.kubernetes.io/name: democratic-csi
roleRef:
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
  name: csi-synology-democratic-csi-node-cr
subjects:
- kind: ServiceAccount
  name: csi-synology-democratic-csi-node-sa
  namespace: democratic-csi