apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main name: objectstorage-controller-sa --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main name: objectstorage-controller namespace: {{ .Release.Namespace }} rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - watch - list - delete - update - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main name: objectstorage-controller-role namespace: {{ .Release.Namespace }} rules: - apiGroups: - objectstorage.k8s.io resources: - bucketclaims - bucketaccesses - bucketclaims/status - bucketaccesses/status verbs: - get - list - watch - update - apiGroups: - objectstorage.k8s.io resources: - buckets verbs: - get - list - watch - update - create - delete - apiGroups: - objectstorage.k8s.io resources: - bucketclasses - bucketaccessclasses verbs: - get - list - apiGroups: - "" resources: - events verbs: - list - watch - create - update - patch - apiGroups: - "" resources: - configmaps - serviceaccounts verbs: - list - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main name: objectstorage-controller namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: objectstorage-controller subjects: - kind: ServiceAccount name: objectstorage-controller-sa namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main name: objectstorage-controller namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: objectstorage-controller-role subjects: - kind: ServiceAccount name: objectstorage-controller-sa namespace: {{ .Release.Namespace }} --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main name: objectstorage-controller spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 template: metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: container-object-storage-interface-controller app.kubernetes.io/part-of: container-object-storage-interface app.kubernetes.io/version: main spec: containers: - args: - --v=5 image: gcr.io/k8s-staging-sig-storage/objectstorage-controller:v20221027-v0.1.1-8-g300019f imagePullPolicy: Always name: objectstorage-controller serviceAccountName: objectstorage-controller-sa