apiVersion: v1
kind: ServiceAccount
metadata:
name: volume-data-source-validator
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: volume-data-source-validator
rules:
- apiGroups: [populator.storage.k8s.io]
resources: [volumepopulators]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [persistentvolumeclaims]
verbs: [get, list, watch]
- apiGroups: [""]
resources: [events]
verbs: [list, watch, create, update, patch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: volume-data-source-validator
labels:
addonmanager.kubernetes.io/mode: Reconcile
subjects:
- kind: ServiceAccount
name: volume-data-source-validator
namespace: kube-system
roleRef:
kind: ClusterRole
name: volume-data-source-validator
apiGroup: rbac.authorization.k8s.io