From e6098520d16cadc650ce60b9a2f22c5bc8ae0619 Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <madhupr007@gmail.com>
Date: Wed, 3 Feb 2021 21:24:24 +0530
Subject: [PATCH] rbd: add configmap get clusterrole for provisioner

as provisioner need to get the configmap from
different namespace to check tenant configuration.
added the clusterrole get access for the same.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
 charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml | 3 +++
 deploy/rbd/kubernetes/csi-provisioner-rbac.yaml            | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
index d4dde7631..1f7aca806 100644
--- a/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
@@ -48,6 +48,9 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotcontents/status"]
     verbs: ["update"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
 {{- if .Values.provisioner.resizer.enabled }}
   - apiGroups: [""]
     resources: ["persistentvolumeclaims/status"]
diff --git a/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
index e45c3edca..585cfbe2f 100644
--- a/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
+++ b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
@@ -52,6 +52,9 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotcontents/status"]
     verbs: ["update"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1