# RBAC example for in-cluster use of the NetApp DataOps Toolkit. Cluster administrators should also
# enable etcd encryption at rest for Secret data and follow Kubernetes Secret good practices:
# https://kubernetes.io/docs/concepts/security/secrets-good-practices/
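---
# Identity for in-cluster use of the NetApp DataOps Toolkit. The account has no
# permissions of its own; its access comes from the ClusterRoleBinding named
# netapp-dataops in this file.
# NOTE(review): a dedicated namespace, rather than "default", keeps this
# account apart from unrelated workloads. Whoever can create pods in the
# chosen namespace can run them as this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: netapp-dataops
  namespace: default  # Replace with desired namespace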
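---
# API access granted to the netapp-dataops ServiceAccount.
# NOTE(review): of the resources below, only nodes and volumesnapshotcontents
# are cluster-scoped. The rest are namespaced, so a Role and RoleBinding per
# working namespace could cover them if cluster-wide reach is not required.
# Confirm against how the toolkit is deployed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: netapp-dataops
rules:
  # Core API group: volume claims and services. No update/patch/watch verbs.
  - apiGroups: [""]
    resources:
      - "persistentvolumeclaims"
      - "persistentvolumeclaims/status"
      - "services"
    verbs: ["get", "list", "create", "delete"]
  # CSI snapshot objects. volumesnapshotcontents is cluster-scoped and refers
  # to the backing storage snapshot, so "delete" here deserves audit logging.
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources:
      - "volumesnapshots"
      - "volumesnapshots/status"
      - "volumesnapshotcontents"
      - "volumesnapshotcontents/status"
    verbs: ["get", "list", "create", "delete"]
  # Workload management. Creating or changing a Deployment implicitly grants
  # access to whatever its pods can mount or run as in that namespace
  # (Secrets, ConfigMaps, other ServiceAccounts), so treat this account's
  # token as highly privileged.
  # NOTE(review): the "extensions" group served Deployments only in older
  # Kubernetes releases (removed in 1.16); drop it if no such cluster is
  # targeted.
  - apiGroups: ["apps", "extensions"]
    resources:
      - "deployments"
      - "deployments/scale"
      - "deployments/status"
    verbs: ["get", "list", "create", "delete", "patch", "update"]
  # Read-only view of cluster nodes.
  - apiGroups: [""]
    resources:
      - "nodes"
    verbs: ["get", "list"]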
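---
# Grants the netapp-dataops ClusterRole to the netapp-dataops ServiceAccount.
# Because this is a ClusterRoleBinding, the role's rules apply in every
# namespace, not only the one the ServiceAccount lives in.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: netapp-dataops
subjects:
  - kind: ServiceAccount
    name: netapp-dataops
    # Must match the namespace of the ServiceAccount above; a mismatch binds
    # the role to a same-named account in a different namespace.
    namespace: default  # Replace with desired namespace
roleRef:
  kind: ClusterRole
  name: netapp-dataops
  apiGroup: rbac.authorization.k8s.io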