From 4ac8cdf1653e0d5e2a2bbda215064fcd926b6c86 Mon Sep 17 00:00:00 2001
From: CALIN Cristian Andrei
Date: Mon, 13 Sep 2021 22:04:58 +0300
Subject: [PATCH] update snapshotter rbac
---
 .../v1.22/snapshotter/snapshotter.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml b/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
index fc95141..1689f37 100644
--- a/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
+++ b/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
@@ -13,6 +13,9 @@ rules:
 - apiGroups: [""]
 resources: ["events"]
 verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
 - apiGroups: ["snapshot.storage.k8s.io"]
 resources: ["volumesnapshotclasses"]
 verbs: ["get", "list", "watch"]
@@ -22,6 +25,9 @@ rules:
 - apiGroups: ["snapshot.storage.k8s.io"]
 resources: ["volumesnapshotcontents/status"]
 verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
 ---
 kind: ClusterRoleBinding
@@ -38,6 +44,32 @@ roleRef:
 name: synology-csi-snapshotter-role
 apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: synology-csi
+ name: synology-csi-snapshotter-cfg
+rules:
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: synology-csi
+ name: synology-csi-snapshotter-role-cfg
+subjects:
+ - kind: ServiceAccount
+ name: csi-snapshotter-sa
+ namespace: synology-csi
+roleRef:
+ kind: Role
+ name: synology-csi-snapshotter-cfg
+ apiGroup: rbac.authorization.k8s.io
+
 ---
 kind: StatefulSet
 apiVersion: apps/v1
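Review bot: The rule added in the second hunk (`@@ -22,6 +25,9 @@`) grants `get` and `list` on `secrets` in what appears to be the `synology-csi-snapshotter-role` ClusterRole, so through its ClusterRoleBinding the bound service account (presumably `csi-snapshotter-sa`) can read every Secret in every namespace; `list` alone already returns full Secret contents. The csi-snapshotter sidecar normally needs Secret access only when a VolumeSnapshotClass references a snapshotter secret, so if that is not configured for this driver the rule can be dropped. If it is needed, narrow it to `verbs: ["get"]` in a namespaced Role for the namespace that holds the secret (not visible in this hunk), and add a comment such as `# needed only when csi.storage.k8s.io/snapshotter-secret-name is set`. The rules list starts above the hunk.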
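Review bot: The new Role in the third hunk (`@@ -38,6 +44,32 @@`) has no comment saying why the snapshotter needs to create, update and delete `leases`; a line such as `# Lease access for csi-snapshotter leader election in the synology-csi namespace` above `rules:` would make the grant reviewable, assuming that is its purpose. As written the rule covers every Lease in the namespace, so the service account could also modify leases held by other components deployed there; if the lease name is fixed, the `get`/`update`/`delete` verbs can be limited with `resourceNames: ["<lease-name>"]`, keeping `create` in a separate rule. The binding is named `synology-csi-snapshotter-role-cfg` while the Role is `synology-csi-snapshotter-cfg`; a matching pair of names would be easier to audit.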