From deca5ec903f74aa2409b6031a02ff6a26ede7a88 Mon Sep 17 00:00:00 2001
From: Steven Reitsma <steven@properchaos.nl>
Date: Mon, 13 Jul 2020 13:48:32 +0200
Subject: [PATCH] Remove old csi-attacher flag and fix RBAC for Cinder CSI
 (#6358)

Add proper RBAC for new csi-attacher version
---
 .../templates/cinder-csi-controllerplugin-rbac.yml.j2      | 7 +++++--
 .../cinder/templates/cinder-csi-controllerplugin.yml.j2    | 1 -
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2
index 2ca3e4486..4dbaf4e17 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2
@@ -16,16 +16,19 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["csinodes"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["patch"]
 
 
 ---
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
index ad7abefbc..f6fe0f624 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
@@ -27,7 +27,6 @@ spec:
             - "--csi-address=$(ADDRESS)"
 {% if cinder_csi_controller_replicas is defined and cinder_csi_controller_replicas > 1 %}
             - --leader-election
-            - --leader-election-type=leases
             - --leader-election-namespace=kube-system
 {% endif %}
           env:
-- 
GitLab