From e4fe2cf6297e4c1bc9e84ae787ace914d1a7c349 Mon Sep 17 00:00:00 2001
From: Robert Volkmann <robert.volkmann@x-cellent.com>
Date: Wed, 20 Mar 2024 11:29:41 +0100
Subject: [PATCH] Add necessary permission for leader election with Leases

https://github.com/kubernetes-sigs/sig-storage-lib-external-provisioner/pull/120
---
 deploy/controller.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/deploy/controller.yaml b/deploy/controller.yaml
index 6cfbdb5..1e1fa4b 100644
--- a/deploy/controller.yaml
+++ b/deploy/controller.yaml
@@ -48,6 +48,34 @@ subjects:
   name: csi-lvm-controller
   namespace: csi-lvm
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: csi-lvm-controller
+  namespace: csi-lvm
+rules:
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    resourceNames: ["metal-stack.io-csi-lvm"]
+    verbs: ["get", "update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: csi-lvm-controller
+  namespace: csi-lvm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: csi-lvm-controller
+subjects:
+  - kind: ServiceAccount
+    name: csi-lvm-controller
+    namespace: csi-lvm
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata: