diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
index 70f20adb992c197be34586efe1ab18710849760b..8cf86cf2871983fedff681945588061a41c9b19a 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
@@ -21,4 +21,4 @@ external_openstack_cacert: "{{ lookup('env','OS_CACERT') }}"
## arg1: "value1"
## arg2: "value2"
external_openstack_cloud_controller_extra_args: {}
-external_openstack_cloud_controller_image_tag: "v1.18.2"
+external_openstack_cloud_controller_image_tag: "v1.22.0"
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-role-bindings.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-role-bindings.yml.j2
index 136486ffe0ca49cec4053003e537b161533811b9..bbdf3364a14dbcb7de7e451afc12c14210429d8f 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-role-bindings.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-role-bindings.yml.j2
@@ -1,29 +1,5 @@
apiVersion: v1
items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: system:cloud-node-controller
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-node-controller
- subjects:
- - kind: ServiceAccount
- name: cloud-node-controller
- namespace: kube-system
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: system:pvl-controller
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:pvl-controller
- subjects:
- - kind: ServiceAccount
- name: pvl-controller
- namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
index f89cd4b67104fd9f9f7dd7ddfaefb8f6a43694ae..72f8da545456b2307d335d56baeab9394d6274b4 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
@@ -45,98 +45,10 @@ items:
- apiGroups:
- ""
resources:
- - serviceaccounts
+ - services/status
verbs:
- - create
- - get
- - apiGroups:
- - ""
- resources:
- - persistentvolumes
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - create
- - get
- - list
- - watch
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - list
- - get
- - watch
- - apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
- - apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
-
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: system:cloud-node-controller
- rules:
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- patch
- - update
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: system:pvl-controller
- rules:
- apiGroups:
- ""
- resources:
- - persistentvolumes
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
kind: List
metadata: {}