From 787e0a4d7b003bdca960d8677151c5e0fd7d5bcb Mon Sep 17 00:00:00 2001
From: Chin-Ya Huang <chin-ya.huang@suse.com>
Date: Mon, 17 Feb 2020 16:43:01 +0800
Subject: [PATCH] StatefulSet forbiddened to create CRD resource

Missing RBAC rule forbiddens to create CRD resource.
```
User \"system:serviceaccount:kube-system:csi-snapshotter\"
cannot create resource \"customresourcedefinitions\" in API
group \"apiextensions.k8s.io\" at the cluster scope",
Reason:"Forbidden"
```

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
---
 deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml b/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
index 9ca4e00a7..d86f1b90f 100644
--- a/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
+++ b/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml
@@ -39,6 +39,9 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotcontents/status"]
     verbs: ["update"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["create"]
 
 ---
 kind: ClusterRoleBinding