From 17f739c7accb9d3bed7777e60239b6dda90e06ba Mon Sep 17 00:00:00 2001
From: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Date: Tue, 14 Nov 2023 15:29:21 +0100
Subject: [PATCH] Allow snapshot controller to delete VolumeSnapshots

This patch allows the snapshot-controller-runner ClusterRole, bound to
the snapshot-controller Service Account, to delete VolumeSnapshot
objects. This is needed during the VolumeGroupSnapshot deletion.

Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
---
 .../snapshot-controller/rbac-snapshot-controller.yaml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml b/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
index eeadcfe01..336c7100f 100644
--- a/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
+++ b/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
@@ -38,7 +38,7 @@ rules:
     verbs: ["patch"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
-    verbs: ["get", "list", "watch", "update", "patch"]
+    verbs: ["get", "list", "watch", "update", "patch", "delete"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots/status"]
     verbs: ["update", "patch"]