provisioning/taskservs/external-nfs/default/core-nfs.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: nfs-provisioner
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-client
parameters:
  archiveOnDelete: "false"
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
reclaimPolicy: Retain
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  namespace: nfs-provisioner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: nfs-provisioner
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nfs-client-provisioner-runner
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - persistentvolumes
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - watch
  - update
- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - update
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: leader-locking-nfs-client-provisioner
  namespace: nfs-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: leader-locking-nfs-client-provisioner
subjects:
- kind: ServiceAccount
  name: nfs-client-provisioner
  namespace: nfs-provisioner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: run-nfs-client-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nfs-client-provisioner-runner
subjects:
- kind: ServiceAccount
  name: nfs-client-provisioner
  namespace: nfs-provisioner
chore: add current provisioning state before migration 2025-09-22 22:11:41 +00:00			`apiVersion: v1`
			`kind: Namespace`
			`metadata:`
			`name: nfs-provisioner`
			`---`
			`apiVersion: storage.k8s.io/v1`
			`kind: StorageClass`
			`metadata:`
			`name: nfs-client`
			`parameters:`
			`archiveOnDelete: "false"`
			`provisioner: k8s-sigs.io/nfs-subdir-external-provisioner`
			`reclaimPolicy: Retain`
			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: nfs-client-provisioner`
			`namespace: nfs-provisioner`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: leader-locking-nfs-client-provisioner`
			`namespace: nfs-provisioner`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- endpoints`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- update`
			`- patch`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: nfs-client-provisioner-runner`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- nodes`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- persistentvolumes`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- delete`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- persistentvolumeclaims`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- update`
			`- apiGroups:`
			`- storage.k8s.io`
			`resources:`
			`- storageclasses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- events`
			`verbs:`
			`- create`
			`- update`
			`- patch`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: leader-locking-nfs-client-provisioner`
			`namespace: nfs-provisioner`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: leader-locking-nfs-client-provisioner`
			`subjects:`
			`- kind: ServiceAccount`
			`name: nfs-client-provisioner`
			`namespace: nfs-provisioner`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: run-nfs-client-provisioner`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: nfs-client-provisioner-runner`
			`subjects:`
			`- kind: ServiceAccount`
			`name: nfs-client-provisioner`
			`namespace: nfs-provisioner`