From 9d7f358d4b4d7160131ada325c45f41148ea715e Mon Sep 17 00:00:00 2001
From: rafal-jan <rafal7jan@gmail.com>
Date: Tue, 6 Oct 2020 15:44:21 +0200
Subject: [PATCH] Fix csi-snapshotter timeout option. Fix
 ebs-external-attacher-role ClusterRole. (#6776)

---
 .../aws-ebs-csi-controllerservice-rbac.yml.j2     | 15 ++++++++-------
 .../aws-ebs-csi-controllerservice.yml.j2          |  2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice-rbac.yml.j2
index e6fe07af8..87bfa31a3 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice-rbac.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice-rbac.yml.j2
@@ -51,6 +51,7 @@ roleRef:
 
 ---
 
+# The permissions in this ClusterRole are tightly coupled with the version of csi-attacher used. More information about this can be found in kubernetes-csi/external-attacher.
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -58,16 +59,16 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["patch"]
 
 ---
 
diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2 b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
index 0aa5f2b38..b08196efb 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/templates/aws-ebs-csi-controllerservice.yml.j2
@@ -92,7 +92,7 @@ spec:
           image: {{ csi_snapshotter_image_repo }}:{{ csi_snapshotter_image_tag }}
           args:
             - --csi-address=$(ADDRESS)
-            - --connection-timeout=15s
+            - --timeout=15s
           env:
             - name: ADDRESS
               value: /var/lib/csi/sockets/pluginproxy/csi.sock
-- 
GitLab