From a74261c2ec1ebf9bebd75d8401231d01445eeda6 Mon Sep 17 00:00:00 2001
From: Giovanni Tirloni <giovanni.tirloni@vexxhost.com>
Date: Wed, 5 Jun 2024 10:29:43 -0300
Subject: [PATCH] manifests: Add role for csi-resizer

---
 .../storpool-csi-controllerplugin-rbac.yaml   | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/manifests/storpool-csi-controllerplugin-rbac.yaml b/manifests/storpool-csi-controllerplugin-rbac.yaml
index 60e709e..3c9689f 100644
--- a/manifests/storpool-csi-controllerplugin-rbac.yaml
+++ b/manifests/storpool-csi-controllerplugin-rbac.yaml
@@ -81,3 +81,42 @@ roleRef:
   kind: ClusterRole
   name: csi-provisioner-role
   apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-resizer-role
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattributesclasses"]
+    verbs: ["get", "list", "watch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-resizer-binding
+subjects:
+  - kind: ServiceAccount
+    name: storpool-csi-controller-sa
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: csi-resizer-role
+  apiGroup: rbac.authorization.k8s.io