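{{- if .Values.rbacEnable }}
# NOTE(review): excerpt of a Helm template. Only selected lines are shown, their
# original indentation is not preserved, and "# ..." marks omitted lines.
# RBAC objects use rbac.authorization.k8s.io/v1: the v1beta1 version of this API
# group is no longer served from Kubernetes 1.22 onwards.

# The cluster role for managing all the cluster-specific resources in a namespace
apiVersion: rbac.authorization.k8s.io/v1
# ...
name: rook-ceph-cluster-mgmt
# ...
# The cluster role for managing the Rook CRDs
# NOTE(review): per the comments below, this ClusterRole reaches pods, nodes,
# PVs and PVCs cluster-wide. The verbs are not visible in this excerpt; confirm
# each rule is limited to what the operator needs.
apiVersion: rbac.authorization.k8s.io/v1
# ...
name: rook-ceph-global
# ...
# Pod access is needed for fencing
# ...
# Node access is needed for determining nodes where mons should run
# ...
# PVs and PVCs are managed by the Rook provisioner
# ...
- persistentvolumeclaims
# ...
# Aspects of ceph-mgr that require cluster-wide access
# ...
apiVersion: rbac.authorization.k8s.io/v1
# ...
name: rook-ceph-mgr-cluster
# ...
storage-backend: ceph
# ...
# Render the agent mount role only when agent.mountSecurityMode is set to
# something other than "Any". Go templates call functions in prefix form; an
# infix "a and b" either fails to render or silently drops the operands after
# the first parenthesised one, depending on the Helm/Go version, so the "Any"
# comparison would not be applied. The defaults keep the guard safe when the
# agent values are unset.
# NOTE(review): confirm against the Helm versions this chart supports.
{{- if ne ((.Values.agent | default (dict)).mountSecurityMode | default "Any") "Any" }}
# ...
apiVersion: rbac.authorization.k8s.io/v1
# ...
name: rook-ceph-agent-mount
# ...
storage-backend: ceph
# ...
{{- if .Values.pspEnable }}
# ...
# NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25, so this role
# only has an effect on clusters that still serve that API. The verbs are not
# shown here; presumably a "use" grant scoped to the single policy named below.
apiVersion: rbac.authorization.k8s.io/v1
# ...
name: rook-ceph-system-psp-user
# ...
storage-backend: ceph
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
# ...
- podsecuritypolicies
# ...
- 00-rook-ceph-operator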