fix vanilla deployment - add missing service account and update cluster roles

nikhilbarge · nikhilbarge · commit 23fd2c845963 · 2025-03-13T02:15:23.000+05:30
diff --git a/manifests/vanilla/vsphere-csi-driver.yaml b/manifests/vanilla/vsphere-csi-driver.yaml
@@ -56,6 +56,10 @@ rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["get", "create", "update"]
+  - apiGroups: ["policy"]
+    resources: ["podsecuritypolicies"]
+    verbs: ["use"]
+    resourceNames: ["vmware-system-privileged"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments/status"]
     verbs: ["patch"]
@@ -128,6 +132,10 @@ metadata:
   name: vsphere-csi-node-role
   namespace: vmware-system-csi
 rules:
+  - apiGroups: ["policy"]
+    resources: ["podsecuritypolicies"]
+    verbs: ["use"]
+    resourceNames: ["vmware-system-privileged"]
   - apiGroups: [""]
     resources: ["configmaps"]
     verbs: ["get", "list", "watch"]
@@ -590,6 +598,7 @@ spec:
       priorityClassName: system-node-critical
       nodeSelector:
         kubernetes.io/os: windows
+      serviceAccountName: vsphere-csi-node
       securityContext:
         windowsOptions:
           hostProcess: true
