From deca5ec903f74aa2409b6031a02ff6a26ede7a88 Mon Sep 17 00:00:00 2001 From: Steven Reitsma Date: Mon, 13 Jul 2020 13:48:32 +0200 Subject: [PATCH] Remove old csi-attacher flag and fix RBAC for Cinder CSI (#6358) Add proper RBAC for new csi-attacher version --- .../templates/cinder-csi-controllerplugin-rbac.yml.j2 | 7 +++++-- .../cinder/templates/cinder-csi-controllerplugin.yml.j2 | 1 - 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 index 2ca3e4486..4dbaf4e17 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin-rbac.yml.j2 @@ -16,16 +16,19 @@ metadata: rules: - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "patch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] --- diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 index ad7abefbc..f6fe0f624 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 @@ -27,7 +27,6 @@ spec: - "--csi-address=$(ADDRESS)" {% if cinder_csi_controller_replicas is defined and cinder_csi_controller_replicas > 1 %} - --leader-election - - --leader-election-type=leases - --leader-election-namespace=kube-system {% endif %} env: