diff --git a/README.md b/README.md
index 774a34db02e39e2d5a4ac87568a6cada12bfb699..c330e9663afb80f6ee510cc6ded451c060febcfb 100644
--- a/README.md
+++ b/README.md
@@ -102,7 +102,7 @@ Supported Components
     -   [flanneld](https://github.com/coreos/flannel) v0.10.0
     -   [weave](https://github.com/weaveworks/weave) v2.4.0
 -   Application
-    -   [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.0.1-k8s1.11
+    -   [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
     -   [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1
     -   [coredns](https://github.com/coredns/coredns) v1.2.2
     -   [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.18.0
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 5561885a6180246a1674f482305bfb016d3f08d4..992209f5cf7d85ea7481c5859274d345a3047428 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -149,7 +149,7 @@ registry_proxy_image_tag: "0.4"
 local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
 local_volume_provisioner_image_tag: "v2.1.0"
 cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner"
-cephfs_provisioner_image_tag: "v2.0.1-k8s1.11"
+cephfs_provisioner_image_tag: "v2.1.0-k8s1.11"
 ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller"
 ingress_nginx_controller_image_tag: "0.18.0"
 ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend"
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2
index 359d61a40993eaba5cf87f71b5a788c7a7a3859b..4c92ea68e58b4eb4a8dddfc3daa090772682dc5f 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2
@@ -17,17 +17,10 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["endpoints"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get", "create", "delete"]
-  - apiGroups:
-    - policy
-    resourceNames:
-    - cephfs-provisioner
-    resources:
-    - podsecuritypolicies
-    verbs:
-    - use
+  - apiGroups: ["policy"]
+    resourceNames: ["cephfs-provisioner"]
+    resources: ["podsecuritypolicies"]
+    verbs: ["use"]
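Review bot: The `secrets` rule kept as context in this hunk still gives the ClusterRole `get`, `create` and `delete` on Secrets in every namespace, even though this commit moves the endpoints rule out to the namespaced Role. The Role in role-cephfs-provisioner.yml.j2 already carries the same secrets verbs, so the cluster-wide rule may be redundant if the provisioner keeps its Ceph secrets in its own namespace; that depends on deployment settings not visible here. If it must stay, document the reason next to it, for example `# cluster-wide: provisioner writes the per-PVC Ceph secret into the claim's namespace`. The rules list starts above the hunk, so other rules in this ClusterRole are not reviewed here.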
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/role-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/role-cephfs-provisioner.yml.j2
index fb18127f22c61f33b2193211c1289d15528a3802..1fb80a13a429524faef3a964587af24b713743ad 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/role-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/role-cephfs-provisioner.yml.j2
@@ -8,3 +8,6 @@ rules:
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["create", "get", "delete"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
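Review bot: The added `endpoints` rule grants `update` and `patch` on every Endpoints object in the namespace, not just the one the provisioner itself uses, and write access to Endpoints lets the holder change where any Service in that namespace sends traffic. The verb set looks like a leader-election lock, though the hunk does not say so. If that is the purpose, consider leaving `create` unrestricted and moving `get`, `update` and `patch` into a second rule with `resourceNames: ["<LOCK_ENDPOINTS_NAME>"]` (placeholder; the lock name is not on this page). At minimum add a comment above the rule, such as `# endpoints: used by the provisioner for leader election`. The rules list starts above the hunk.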