vendor/k8s.io/kubernetes/test/e2e/testing-manifests/storage-csi/gce-pd/csi-controller-rbac.yaml - cloudstack-kubernetes-provider - Git at Google

 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: csi-controller-sa

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: csi-controller-attacher-role
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
 roleRef:
   kind: ClusterRole
   name: external-attacher-runner
   apiGroup: rbac.authorization.k8s.io

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: csi-controller-attacher-role-cfg
   namespace: default
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
 roleRef:
   kind: Role
   name: external-attacher-cfg

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: csi-controller-provisioner-role
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
 roleRef:
   kind: ClusterRole
   name: external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: csi-controller-provisioner-role-cfg
   namespace: default
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
 roleRef:
   kind: Role
   name: external-provisioner-cfg

 ---
 # priviledged Pod Security Policy, previously defined via PrivilegedTestPSPClusterRoleBinding()
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: psp-csi-controller-driver-registrar-role
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
   - kind: ServiceAccount
     name: csi-node-sa
     namespace: default
 roleRef:
   kind: ClusterRole
   name: e2e-test-privileged-psp
   apiGroup: rbac.authorization.k8s.io
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: csi-controller-sa

	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: csi-controller-attacher-role
	subjects:
	- kind: ServiceAccount
	name: csi-controller-sa
	namespace: default
	roleRef:
	kind: ClusterRole
	name: external-attacher-runner
	apiGroup: rbac.authorization.k8s.io

	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: csi-controller-attacher-role-cfg
	namespace: default
	subjects:
	- kind: ServiceAccount
	name: csi-controller-sa
	namespace: default
	roleRef:
	kind: Role
	name: external-attacher-cfg

	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: csi-controller-provisioner-role
	subjects:
	- kind: ServiceAccount
	name: csi-controller-sa
	namespace: default
	roleRef:
	kind: ClusterRole
	name: external-provisioner-runner
	apiGroup: rbac.authorization.k8s.io

	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: csi-controller-provisioner-role-cfg
	namespace: default
	subjects:
	- kind: ServiceAccount
	name: csi-controller-sa
	namespace: default
	roleRef:
	kind: Role
	name: external-provisioner-cfg

	---
	# priviledged Pod Security Policy, previously defined via PrivilegedTestPSPClusterRoleBinding()
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: psp-csi-controller-driver-registrar-role
	subjects:
	- kind: ServiceAccount
	name: csi-controller-sa
	namespace: default
	- kind: ServiceAccount
	name: csi-node-sa
	namespace: default
	roleRef:
	kind: ClusterRole
	name: e2e-test-privileged-psp
	apiGroup: rbac.authorization.k8s.io