From 6ac1229ab88466e91d9ecd7d09bc1a9ed36e387f Mon Sep 17 00:00:00 2001
From: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Date: Mon, 13 Nov 2023 20:45:21 +0100
Subject: [PATCH] Allow csi-snapshotter to create and manage VolumeSnapshots

This patch allows the `external-snapshotter-runner` ClusterRole, which
is bound to the `csi-snapshotter` Service Account, to create and manage
VolumeSnapshot objects.

This is needed during the synchronization of VolumeGroupSnapshots.
---
 deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml b/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
index 6c15a63b..837c80b3 100644
--- a/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
+++ b/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
@@ -34,6 +34,9 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotclasses"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update", "patch", "create"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotcontents"]
     verbs: ["get", "list", "watch", "update", "patch", "create"]