Allow csi-snapshotter to create and manage VolumeSnapshots

This patch allows the `external-snapshotter-runner` ClusterRole, which is bound to the `csi-snapshotter` Service Account, to create and manage VolumeSnapshot objects. This is needed during the synchronization of VolumeGroupSnapshots.
2023-11-13 20:45:21 +01:00
parent 36c3f6d7d7
commit 6ac1229ab8
1 changed files with 3 additions and 0 deletions
--- a/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
+++ b/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
@@ -34,6 +34,9 @@ rules:
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update", "patch", "create"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["get", "list", "watch", "update", "patch", "create"]