diff --git a/.werf/consts.yaml b/.werf/consts.yaml
index 0431364f..dda87e75 100644
--- a/.werf/consts.yaml
+++ b/.werf/consts.yaml
@@ -2,6 +2,7 @@
 {{- $_ := set $ "BASE_ALPINE_DEV"  "registry.deckhouse.io/base_images/dev-alpine:3.16.3@sha256:c706fa83cc129079e430480369a3f062b8178cac9ec89266ebab753a574aca8e" }}
 {{- $_ := set $ "BASE_ALT_P11"     "registry.deckhouse.io/base_images/alt:p11@sha256:c396cd7348a48f9236413e2ef5569223c15e554c0a3ca37f9d92fb787d4f1893" }}
 {{- $_ := set $ "BASE_GOLANG_1_22" "registry.deckhouse.io/base_images/golang:1.22.7-bullseye@sha256:e5dc67bf84590c008338a0e30f56a6ed2092a38e0d2895c797dd501db73a2330" }}
+{{- $_ := set . "BASE_GOLANG_1_23" "registry.deckhouse.io/base_images/golang:1.23.6-bookworm@sha256:ca569d98545ab5a090449da29d637fb3f5a273d3a002554af328be9873777cef" }}
 {{- $_ := set $ "BASE_PYTHON"      "registry.deckhouse.io/base_images/python:3.7.16-alpine3.16@sha256:054c898ee5eacb0b3d85bdb603d6229b93619964cc01be5274acdf3e451e5ef8" }}
 {{- $_ := set $ "BASE_SCRATCH"     "registry.deckhouse.io/base_images/scratch@sha256:653ae76965c98c8cd1c8c9ff7725316d2983986f896655b30e0f44d2f8b2dd7e" }}
 
diff --git a/images/linstor-csi/patches/requisites.patch b/images/linstor-csi/patches/0001-requisites.patch
similarity index 100%
rename from images/linstor-csi/patches/requisites.patch
rename to images/linstor-csi/patches/0001-requisites.patch
diff --git a/images/linstor-csi/patches/rename-linbit-labels.patch b/images/linstor-csi/patches/0002-rename-linbit-labels.patch
similarity index 100%
rename from images/linstor-csi/patches/rename-linbit-labels.patch
rename to images/linstor-csi/patches/0002-rename-linbit-labels.patch
diff --git a/images/linstor-csi/patches/new-csi-path.patch b/images/linstor-csi/patches/0003-new-csi-path.patch
similarity index 100%
rename from images/linstor-csi/patches/new-csi-path.patch
rename to images/linstor-csi/patches/0003-new-csi-path.patch
diff --git a/images/linstor-csi/patches/0004-linstor-csi-plugin-add-new-patch.patch b/images/linstor-csi/patches/0004-linstor-csi-plugin-add-new-patch.patch
new file mode 100644
index 00000000..3a01546e
--- /dev/null
+++ b/images/linstor-csi/patches/0004-linstor-csi-plugin-add-new-patch.patch
@@ -0,0 +1,790 @@
+From c63e8005621ffff6a7f2546d7ebc1d6c4c13d058 Mon Sep 17 00:00:00 2001
+From: Slava V <vyacheslav.voytenok@flant.com>
+Date: Wed, 12 Mar 2025 20:40:15 +0700
+Subject: [PATCH] [linstor-csi-plugin] add new patch
+
+Signed-off-by: Slava V <vyacheslav.voytenok@flant.com>
+---
+ cmd/linstor-csi/linstor-csi.go                |  30 ++++
+ go.mod                                        |  70 +++++----
+ go.sum                                        | 146 +++++++++---------
+ pkg/client/kubeutils/kubeutils.go             |  34 ++++
+ pkg/client/linstor.go                         |   4 +-
+ pkg/client/mock.go                            |   2 +-
+ pkg/driver/driver.go                          |  53 ++++++-
+ .../highlevelclient/high_level_client.go      |  30 +++-
+ pkg/topology/scheduler/autoplace/autoplace.go |   4 +-
+ .../autoplacetopology/autoplacetopology.go    |   4 +-
+ pkg/topology/scheduler/balancer/balancer.go   |   2 +-
+ .../followtopology/follow_topology.go         |   4 +-
+ pkg/topology/scheduler/manual/manual.go       |   4 +-
+ pkg/topology/scheduler/scheduler.go           |   2 +-
+ pkg/volume/volume.go                          |   8 +-
+ 15 files changed, 274 insertions(+), 123 deletions(-)
+ create mode 100644 pkg/client/kubeutils/kubeutils.go
+
+diff --git a/cmd/linstor-csi/linstor-csi.go b/cmd/linstor-csi/linstor-csi.go
+index e1a9ab9..dfd330f 100644
+--- a/cmd/linstor-csi/linstor-csi.go
++++ b/cmd/linstor-csi/linstor-csi.go
+@@ -27,9 +27,14 @@ import (
+ 
+ 	linstor "github.com/LINBIT/golinstor"
+ 	lapi "github.com/LINBIT/golinstor/client"
++	snc "github.com/deckhouse/sds-node-configurator/api/v1alpha1"
++	srv "github.com/deckhouse/sds-replicated-volume/api/v1alpha1"
+ 	log "github.com/sirupsen/logrus"
+ 	"golang.org/x/time/rate"
++	apiruntime "k8s.io/apimachinery/pkg/runtime"
++	kubecl "sigs.k8s.io/controller-runtime/pkg/client"
+ 
++	"github.com/piraeusdatastore/linstor-csi/pkg/client/kubeutils"
+ 	"github.com/piraeusdatastore/linstor-csi/pkg/client"
+ 	"github.com/piraeusdatastore/linstor-csi/pkg/driver"
+ 	lc "github.com/piraeusdatastore/linstor-csi/pkg/linstor/highlevelclient"
+@@ -37,6 +42,11 @@ import (
+ )
+ 
+ func main() {
++	var resourcesSchemeFuncs = []func(*apiruntime.Scheme) error{
++		srv.AddToScheme,
++		snc.AddToScheme,
++	}
++
+ 	var (
+ 		lsEndpoint            = flag.String("linstor-endpoint", "", "Controller API endpoint for LINSTOR")
+ 		lsSkipTLSVerification = flag.Bool("linstor-skip-tls-verification", false, "If true, do not verify tls")
+@@ -126,6 +136,25 @@ func main() {
+ 		log.Fatal(err)
+ 	}
+ 
++
++	kConfig, err := kubeutils.KubernetesDefaultConfigCreate()
++	if err != nil {
++		log.Fatal(err)
++	}
++	scheme := apiruntime.NewScheme()
++	for _, f := range resourcesSchemeFuncs {
++		err := f(scheme)
++		if err != nil {
++			log.Fatal(err)
++		}
++	}
++	cl, err := kubecl.New(kConfig, kubecl.Options{
++		Scheme: scheme,
++	})
++	if err != nil {
++		log.Fatal(err)
++	}
++
+ 	drv, err := driver.NewDriver(
+ 		driver.Assignments(linstorClient),
+ 		driver.Endpoint(*csiEndpoint),
+@@ -140,6 +169,7 @@ func main() {
+ 		driver.NodeInformer(linstorClient),
+ 		driver.TopologyPrefix(*propNs),
+ 		driver.ConfigureKubernetesIfAvailable(),
++		driver.Kubeclient(cl),
+ 	)
+ 	if err != nil {
+ 		log.Fatal(err)
+diff --git a/go.mod b/go.mod
+index 11af985..01d469b 100644
+--- a/go.mod
++++ b/go.mod
+@@ -1,52 +1,52 @@
+ module github.com/piraeusdatastore/linstor-csi
+ 
+-go 1.21
++go 1.23.0
+ 
+-toolchain go1.21.5
++toolchain go1.23.3
+ 
+ require (
+ 	github.com/LINBIT/golinstor v0.50.0
+ 	github.com/container-storage-interface/spec v1.9.0
++	github.com/deckhouse/sds-node-configurator/api v0.0.0-20250306102837-05f1464394a5
++	github.com/deckhouse/sds-replicated-volume/api v0.0.0-20250306075247-d1b625c2a23b
+ 	github.com/haySwim/data v0.2.0
+ 	github.com/kubernetes-csi/csi-test/v5 v5.2.0
+ 	github.com/pborman/uuid v1.2.1
+ 	github.com/sirupsen/logrus v1.9.3
+ 	github.com/stretchr/testify v1.9.0
+-	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
+-	golang.org/x/sys v0.19.0
+-	golang.org/x/time v0.5.0
+-	google.golang.org/grpc v1.63.0
+-	google.golang.org/protobuf v1.33.0
++	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
++	golang.org/x/sys v0.28.0
++	golang.org/x/time v0.7.0
++	google.golang.org/grpc v1.65.0
++	google.golang.org/protobuf v1.35.1
+ 	gopkg.in/yaml.v3 v3.0.1
+-	k8s.io/api v0.29.3
+-	k8s.io/apimachinery v0.29.3
+-	k8s.io/client-go v0.29.3
++	k8s.io/api v0.32.1
++	k8s.io/apimachinery v0.32.3
++	k8s.io/client-go v0.32.1
+ 	k8s.io/mount-utils v0.29.3
+-	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
++	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
++	sigs.k8s.io/controller-runtime v0.20.3
+ )
+ 
+ require (
+-	github.com/Masterminds/goutils v1.1.1 // indirect
+-	github.com/Masterminds/semver v1.5.0 // indirect
+-	github.com/davecgh/go-spew v1.1.1 // indirect
++	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+ 	github.com/donovanhide/eventsource v0.0.0-20210830082556-c59027999da0 // indirect
+ 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+-	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
+-	github.com/go-logr/logr v1.4.1 // indirect
++	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
++	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
++	github.com/go-logr/logr v1.4.2 // indirect
+ 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+ 	github.com/go-openapi/jsonreference v0.21.0 // indirect
+ 	github.com/go-openapi/swag v0.23.0 // indirect
+-	github.com/go-task/slim-sprig v2.20.0+incompatible // indirect
++	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+ 	github.com/gogo/protobuf v1.3.2 // indirect
+ 	github.com/golang/protobuf v1.5.4 // indirect
+ 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+ 	github.com/google/go-cmp v0.6.0 // indirect
+ 	github.com/google/go-querystring v1.1.0 // indirect
+ 	github.com/google/gofuzz v1.2.0 // indirect
+-	github.com/google/pprof v0.0.0-20211214055906-6f57359322fd // indirect
++	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
+ 	github.com/google/uuid v1.6.0 // indirect
+-	github.com/huandu/xstrings v1.4.0 // indirect
+-	github.com/imdario/mergo v0.3.6 // indirect
+ 	github.com/josharian/intern v1.0.0 // indirect
+ 	github.com/json-iterator/go v1.1.12 // indirect
+ 	github.com/mailru/easyjson v0.7.7 // indirect
+@@ -54,24 +54,26 @@ require (
+ 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+ 	github.com/modern-go/reflect2 v1.0.2 // indirect
+ 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+-	github.com/onsi/ginkgo/v2 v2.17.1 // indirect
+-	github.com/onsi/gomega v1.32.0 // indirect
++	github.com/onsi/ginkgo/v2 v2.22.0 // indirect
++	github.com/onsi/gomega v1.36.1 // indirect
+ 	github.com/pkg/errors v0.9.1 // indirect
+-	github.com/pmezard/go-difflib v1.0.0 // indirect
++	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
++	github.com/spf13/pflag v1.0.5 // indirect
+ 	github.com/stretchr/objx v0.5.2 // indirect
+-	golang.org/x/crypto v0.22.0 // indirect
+-	golang.org/x/net v0.24.0 // indirect
+-	golang.org/x/oauth2 v0.19.0 // indirect
+-	golang.org/x/term v0.19.0 // indirect
+-	golang.org/x/text v0.14.0 // indirect
+-	golang.org/x/tools v0.20.0 // indirect
+-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
++	github.com/x448/float16 v0.8.4 // indirect
++	golang.org/x/net v0.33.0 // indirect
++	golang.org/x/oauth2 v0.23.0 // indirect
++	golang.org/x/term v0.27.0 // indirect
++	golang.org/x/text v0.21.0 // indirect
++	golang.org/x/tools v0.26.0 // indirect
++	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
++	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+ 	gopkg.in/inf.v0 v0.9.1 // indirect
+ 	gopkg.in/yaml.v2 v2.4.0 // indirect
+-	k8s.io/klog/v2 v2.120.1 // indirect
+-	k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec // indirect
++	k8s.io/klog/v2 v2.130.1 // indirect
++	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+ 	moul.io/http2curl/v2 v2.3.0 // indirect
+-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
++	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
++	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+ 	sigs.k8s.io/yaml v1.4.0 // indirect
+ )
+diff --git a/go.sum b/go.sum
+index 4a55510..39d1fce 100644
+--- a/go.sum
++++ b/go.sum
+@@ -1,33 +1,35 @@
+ github.com/LINBIT/golinstor v0.50.0 h1:WLdk+Jca/6BSOgmGaFqYrGEZlh0D7kjps4ak20Ntj80=
+ github.com/LINBIT/golinstor v0.50.0/go.mod h1:MCkHNdHxoGw4mnt8DGsSqWNF5ZGhYFy6Lr4tQLyVBs0=
+-github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
+-github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
+-github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+ github.com/container-storage-interface/spec v1.9.0 h1:zKtX4STsq31Knz3gciCYCi1SXtO2HJDecIjDVboYavY=
+ github.com/container-storage-interface/spec v1.9.0/go.mod h1:ZfDu+3ZRyeVqxZM0Ds19MVLkN2d1XJ5MAfi1L3VjlT0=
+ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
++github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/deckhouse/sds-node-configurator/api v0.0.0-20250306102837-05f1464394a5 h1:Kw9MIr7y8FBQ4bB8fMxBhuL7yZYWsgzEiHg42wnYYcI=
++github.com/deckhouse/sds-node-configurator/api v0.0.0-20250306102837-05f1464394a5/go.mod h1:bhgBeuAdLlDc9EQ5qI+/18iRj8Jfr2qfFwE1QnIoQM4=
++github.com/deckhouse/sds-replicated-volume/api v0.0.0-20250306075247-d1b625c2a23b h1:Kh9hT/9sJU95oMSK/SBhhpYdW8X2PL+TPo8r2xaG4no=
++github.com/deckhouse/sds-replicated-volume/api v0.0.0-20250306075247-d1b625c2a23b/go.mod h1:6yz0RtbkLVJtK2DeuvgfaqBZRl5V5ax1WsfPF5pbnvo=
+ github.com/donovanhide/eventsource v0.0.0-20210830082556-c59027999da0 h1:C7t6eeMaEQVy6e8CarIhscYQlNmw5e3G36y7l7Y21Ao=
+ github.com/donovanhide/eventsource v0.0.0-20210830082556-c59027999da0/go.mod h1:56wL82FO0bfMU5RvfXoIwSOP2ggqqxT+tAfNEIyxuHw=
+ github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
+ github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+-github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
+-github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
++github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
++github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
++github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
++github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
++github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
++github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
++github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
++github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+ github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+ github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+ github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+ github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+ github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+-github.com/go-task/slim-sprig v2.20.0+incompatible h1:4Xh3bDzO29j4TWNOI+24ubc0vbVFMg2PMnXKxK54/CA=
+-github.com/go-task/slim-sprig v2.20.0+incompatible/go.mod h1:N/mhXZITr/EQAOErEHciKvO1bFei2Lld2Ym6h96pdy0=
++github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
++github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+@@ -43,18 +45,13 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17
+ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+-github.com/google/pprof v0.0.0-20211214055906-6f57359322fd h1:1FjCyPC+syAzJ5/2S8fqdZK1R22vvA0J7JZKcuOIQ7Y=
+-github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
++github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
++github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+ github.com/haySwim/data v0.2.0 h1:MsvJomrx+BIUSou/1eQmGM287QnGhH+TzUpPxtm2CcQ=
+ github.com/haySwim/data v0.2.0/go.mod h1:31NM7PMhzuelw13Nxdijo2yVVFxIFxAPWv9mM9RlBig=
+-github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
+-github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+-github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
+-github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+-github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+@@ -78,19 +75,20 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
+ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+-github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
+-github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+-github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
+-github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
++github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg=
++github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
++github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
++github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+ github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
+ github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+ github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28=
+ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
++github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
++github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
++github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
++github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+@@ -105,15 +103,19 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
+ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+ github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+ github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502/go.mod h1:p9lPsd+cx33L3H9nNoecRRxPssFKUwwI50I3pZ0yT+8=
++github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
++github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
++go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
++go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
++go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
++go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+-golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+-golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
++golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
++golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+@@ -121,77 +123,81 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
+ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+-golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
+-golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
++golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
++golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
++golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
++golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+-golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+-golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
++golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
++golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
++golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
++golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
++golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
++golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
++golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+ golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+-golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
+-golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
++golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
++golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+-google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de h1:cZGRis4/ot9uVm639a+rHCUaG0JJHEsdyzSQTMX+suY=
+-google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
+-google.golang.org/grpc v1.63.0 h1:WjKe+dnvABXyPJMD7KDNLxtoGk5tgk+YFWN6cBWjZE8=
+-google.golang.org/grpc v1.63.0/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
+-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
++google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs=
++google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
++google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
++google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
++google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
++google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
++gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
++gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+-k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
+-k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
+-k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
+-k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
+-k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
+-k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
+-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+-k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec h1:iGTel2aR8vCZdxJDgmbeY0zrlXy9Qcvyw4R2sB4HLrA=
+-k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw=
++k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
++k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
++k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
++k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
++k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
++k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
++k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
++k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
++k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
++k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
++k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
++k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+ k8s.io/mount-utils v0.29.3 h1:iEcqPP7Vv8UClH8nnMfovtmy/04fIloRW9JuSXykoZ0=
+ k8s.io/mount-utils v0.29.3/go.mod h1:9IWJTMe8tG0MYMLEp60xK9GYVeCdA3g4LowmnVi+t9Y=
+-k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
+-k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
++k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
++k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+ moul.io/http2curl/v2 v2.3.0 h1:9r3JfDzWPcbIklMOs2TnIFzDYvfAZvjeavG6EzP7jYs=
+ moul.io/http2curl/v2 v2.3.0/go.mod h1:RW4hyBjTWSYDOxapodpNEtX0g5Eb16sxklBqmd2RHcE=
+-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
++sigs.k8s.io/controller-runtime v0.20.3 h1:I6Ln8JfQjHH7JbtCD2HCYHoIzajoRxPNuvhvcDbZgkI=
++sigs.k8s.io/controller-runtime v0.20.3/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY=
++sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
++sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
++sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
++sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+ sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+ sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+diff --git a/pkg/client/kubeutils/kubeutils.go b/pkg/client/kubeutils/kubeutils.go
+new file mode 100644
+index 0000000..7f8c32a
+--- /dev/null
++++ b/pkg/client/kubeutils/kubeutils.go
+@@ -0,0 +1,34 @@
++/*
++Copyright 2023 Flant JSC
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++    http://www.apache.org/licenses/LICENSE-2.0
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/
++
++package kubeutils
++
++import (
++	"fmt"
++
++	"k8s.io/client-go/rest"
++	"k8s.io/client-go/tools/clientcmd"
++)
++
++func KubernetesDefaultConfigCreate() (*rest.Config, error) {
++	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
++		clientcmd.NewDefaultClientConfigLoadingRules(),
++		&clientcmd.ConfigOverrides{},
++	)
++	// Get a config to talk to API server
++	config, err := clientConfig.ClientConfig()
++	if err != nil {
++		return nil, fmt.Errorf("config kubernetes error %w", err)
++	}
++	return config, nil
++}
+diff --git a/pkg/client/linstor.go b/pkg/client/linstor.go
+index dfb4862..f31e12f 100644
+--- a/pkg/client/linstor.go
++++ b/pkg/client/linstor.go
+@@ -408,13 +408,13 @@ func (s *Linstor) Delete(ctx context.Context, volId string) error {
+ 
+ // AccessibleTopologies returns a list of pointers to csi.Topology from where the
+ // volume is reachable, based on the localStoragePolicy reported by the volume.
+-func (s *Linstor) AccessibleTopologies(ctx context.Context, volId string, params *volume.Parameters) ([]*csi.Topology, error) {
++func (s *Linstor) AccessibleTopologies(ctx context.Context, volId string, params *volume.Parameters, p *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
+ 	volumeScheduler, err := s.schedulerByPlacementPolicy(params.PlacementPolicy)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+ 
+-	return volumeScheduler.AccessibleTopologies(ctx, volId, params.AllowRemoteVolumeAccess)
++	return volumeScheduler.AccessibleTopologies(ctx, volId, params.AllowRemoteVolumeAccess, p)
+ }
+ 
+ func (s *Linstor) schedulerByPlacementPolicy(policy topology.PlacementPolicy) (scheduler.Interface, error) {
+diff --git a/pkg/client/mock.go b/pkg/client/mock.go
+index dcc930a..f4d544c 100644
+--- a/pkg/client/mock.go
++++ b/pkg/client/mock.go
+@@ -94,7 +94,7 @@ func (s *MockStorage) Delete(ctx context.Context, volId string) error {
+ 	return nil
+ }
+ 
+-func (s *MockStorage) AccessibleTopologies(ctx context.Context, volId string, params *volume.Parameters) ([]*csi.Topology, error) {
++func (s *MockStorage) AccessibleTopologies(ctx context.Context, volId string, params *volume.Parameters, _ *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
+ 	return nil, nil
+ }
+ 
+diff --git a/pkg/driver/driver.go b/pkg/driver/driver.go
+index 150172a..5ef5ca4 100644
+--- a/pkg/driver/driver.go
++++ b/pkg/driver/driver.go
+@@ -34,6 +34,7 @@ import (
+ 
+ 	lc "github.com/LINBIT/golinstor"
+ 	"github.com/container-storage-interface/spec/lib/go/csi"
++	srv "github.com/deckhouse/sds-replicated-volume/api/v1alpha1"
+ 	"github.com/haySwim/data"
+ 	"github.com/sirupsen/logrus"
+ 	"google.golang.org/grpc"
+@@ -42,8 +43,10 @@ import (
+ 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ 	"k8s.io/apimachinery/pkg/runtime/schema"
++	"k8s.io/apimachinery/pkg/types"
+ 	"k8s.io/client-go/dynamic"
+ 	"k8s.io/client-go/rest"
++	kcl "sigs.k8s.io/controller-runtime/pkg/client"
+ 
+ 	"github.com/piraeusdatastore/linstor-csi/pkg/client"
+ 	"github.com/piraeusdatastore/linstor-csi/pkg/linstor"
+@@ -53,6 +56,10 @@ import (
+ // Version is set via ldflags configued in the Makefile.
+ var Version = "UNKNOWN"
+ 
++const (
++	storageClassAuxPrefix = "Aux/class.storage.deckhouse.io/"
++)
++
+ // Driver fullfils CSI controller, node, and indentity server interfaces.
+ type Driver struct {
+ 	Storage       volume.CreateDeleter
+@@ -66,6 +73,7 @@ type Driver struct {
+ 	srv           *grpc.Server
+ 	log           *logrus.Entry
+ 	version       string
++	cl            kcl.Client
+ 	// name distingushes the driver from other drivers and is used to mark
+ 	// volumes so that volumes provisioned by another driver are not interfered with.
+ 	name string
+@@ -256,6 +264,14 @@ func ConfigureKubernetesIfAvailable() func(*Driver) error {
+ 	}
+ }
+ 
++// Kubeclient configures the driver with a provided Kubernetes client
++func Kubeclient(cl kcl.Client) func(*Driver) error {
++	return func(d *Driver) error {
++		d.cl = cl
++		return nil
++	}
++}
++
+ // GetPluginInfo https://github.com/container-storage-interface/spec/blob/v1.9.0/spec.md#getplugininfo
+ func (d Driver) GetPluginInfo(ctx context.Context, req *csi.GetPluginInfoRequest) (*csi.GetPluginInfoResponse, error) {
+ 	return &csi.GetPluginInfoResponse{
+@@ -571,7 +587,24 @@ func (d Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
+ 			}
+ 		}
+ 
+-		topos, err := d.Storage.AccessibleTopologies(ctx, existingVolume.ID, &params)
++		storageClassName, found := strings.CutPrefix(params.ReplicasOnSame[0], storageClassAuxPrefix)
++		if !found {
++			return nil, status.Errorf(codes.Internal, "failed to extract storage class name from replica: %s", params.ReplicasOnSame[0])
++		}
++
++		rsc := &srv.ReplicatedStorageClass{}
++		if err := d.cl.Get(ctx, types.NamespacedName{Name: storageClassName}, rsc); err != nil {
++			return nil, status.Errorf(codes.NotFound,
++				"CreateVolume failed for %s: unable to find storage class: %v", volId, err)
++		}
++
++		topologiesParams := &volume.AccessibleTopologiesParams{
++			SCZones:        rsc.Spec.Zones,
++			SCVolumeAccess: rsc.Spec.VolumeAccess,
++			SCTopology:     rsc.Spec.Topology,
++		}
++
++		topos, err := d.Storage.AccessibleTopologies(ctx, existingVolume.ID, &params, topologiesParams)
+ 		if err != nil {
+ 			return nil, status.Errorf(
+ 				codes.Internal, "CreateVolume failed for %s: unable to determine volume topology: %v",
+@@ -1354,7 +1387,23 @@ func (d Driver) createNewVolume(ctx context.Context, info *volume.Info, params *
+ 		}
+ 	}
+ 
+-	topos, err := d.Storage.AccessibleTopologies(ctx, info.ID, params)
++	storageClassName, found := strings.CutPrefix(params.ReplicasOnSame[0], storageClassAuxPrefix)
++	if !found {
++		return nil, status.Errorf(codes.InvalidArgument,
++			"CreateVolume failed for %s: no storage class found for replicasOnSame", info.ID)
++	}
++	rsc := &srv.ReplicatedStorageClass{}
++	if err := d.cl.Get(ctx, types.NamespacedName{Name: storageClassName}, rsc); err != nil {
++		return nil, status.Errorf(codes.NotFound,
++			"CreateVolume failed for %s: replicated storage class not found: %v", info.ID, err)
++	}
++	topologiesParams := &volume.AccessibleTopologiesParams{
++		SCVolumeAccess: rsc.Spec.VolumeAccess,
++		SCZones:        rsc.Spec.Zones,
++		SCTopology:     rsc.Spec.Topology,
++	}
++
++	topos, err := d.Storage.AccessibleTopologies(ctx, info.ID, params, topologiesParams)
+ 	if err != nil {
+ 		return nil, status.Errorf(
+ 			codes.Internal, "CreateVolume failed for %s: unable to determine volume topology: %v",
+diff --git a/pkg/linstor/highlevelclient/high_level_client.go b/pkg/linstor/highlevelclient/high_level_client.go
+index ec4dddd..3dfd78e 100644
+--- a/pkg/linstor/highlevelclient/high_level_client.go
++++ b/pkg/linstor/highlevelclient/high_level_client.go
+@@ -62,15 +62,39 @@ func NewHighLevelClient(options ...lapi.Option) (*HighLevelClient, error) {
+ 
+ // GenericAccessibleTopologies returns topologies based on linstor storage pools
+ // and whether a resource is allowed to be accessed over the network.
+-func (c *HighLevelClient) GenericAccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error) {
++func (c *HighLevelClient) GenericAccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, params *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
++	if params == nil {
++		return nil, fmt.Errorf("params must not be nil")
++	}
++
+ 	// Get all nodes where the resource is physically located.
+ 	r, err := c.Resources.GetAll(ctx, volId)
+ 	if err != nil {
+ 		return nil, fmt.Errorf("unable to determine AccessibleTopologies: %v", err)
+ 	}
+ 
+-	// Volume is definitely accessible on the nodes it's deployed on.
+-	nodeNames := util.DeployedDiskfullyNodes(r)
++	var nodeNames []string
++	switch params.SCVolumeAccess {
++	case "PreferablyLocal", "EventuallyLocal", "Any":
++		switch params.SCTopology {
++		case "TransZonal":
++			res := make([]*csi.Topology, len(params.SCZones))
++			for i, zone := range params.SCZones {
++				res[i] = &csi.Topology{Segments: map[string]string{"topology.kubernetes.io/zone": zone}}
++			}
++			return res, nil
++		case "Zonal":
++			nodeNames = util.DeployedDiskfullyNodes(r)
++		case "Ignored":
++			return []*csi.Topology{}, nil
++		default:
++			return nil, fmt.Errorf("invalid topology: %s", params.SCTopology)
++		}
++	case "Local":
++		nodeNames = util.DeployedDiskfullyNodes(r)
++	default:
++		return nil, fmt.Errorf("invalid volume access policy: %s", params.SCVolumeAccess)
++	}
+ 
+ 	nodes, err := c.Nodes.GetAll(ctx, &lapi.ListOpts{Node: nodeNames})
+ 	if err != nil {
+diff --git a/pkg/topology/scheduler/autoplace/autoplace.go b/pkg/topology/scheduler/autoplace/autoplace.go
+index 74892f7..d96cf71 100644
+--- a/pkg/topology/scheduler/autoplace/autoplace.go
++++ b/pkg/topology/scheduler/autoplace/autoplace.go
+@@ -41,6 +41,6 @@ func (s *Scheduler) Create(ctx context.Context, volId string, _ *volume.Paramete
+ 	return s.Resources.Autoplace(ctx, volId, client.AutoPlaceRequest{})
+ }
+ 
+-func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error) {
+-	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy)
++func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, p *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
++	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy, p)
+ }
+diff --git a/pkg/topology/scheduler/autoplacetopology/autoplacetopology.go b/pkg/topology/scheduler/autoplacetopology/autoplacetopology.go
+index 71ad928..8a3100e 100644
+--- a/pkg/topology/scheduler/autoplacetopology/autoplacetopology.go
++++ b/pkg/topology/scheduler/autoplacetopology/autoplacetopology.go
+@@ -250,8 +250,8 @@ func (s *Scheduler) GetCurrentDiskfulNodes(ctx context.Context, volId string) ([
+ 	return util.DeployedDiskfullyNodes(existingRes), nil
+ }
+ 
+-func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error) {
+-	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy)
++func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, p *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
++	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy, p)
+ }
+ 
+ func NewScheduler(c *lc.HighLevelClient, l *logrus.Entry) *Scheduler {
+diff --git a/pkg/topology/scheduler/balancer/balancer.go b/pkg/topology/scheduler/balancer/balancer.go
+index f39f957..f6a88d6 100644
+--- a/pkg/topology/scheduler/balancer/balancer.go
++++ b/pkg/topology/scheduler/balancer/balancer.go
+@@ -377,7 +377,7 @@ func (b BalanceScheduler) Create(ctx context.Context, volId string, params *volu
+ 	return nil
+ }
+ 
+-func (b BalanceScheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error) {
++func (b BalanceScheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, _ *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
+ 	r, err := b.Resources.GetAll(ctx, volId)
+ 	if err != nil {
+ 		return nil, fmt.Errorf("unable to determine AccessibleTopologies: %v", err)
+diff --git a/pkg/topology/scheduler/followtopology/follow_topology.go b/pkg/topology/scheduler/followtopology/follow_topology.go
+index 4e2d604..5fe06f2 100644
+--- a/pkg/topology/scheduler/followtopology/follow_topology.go
++++ b/pkg/topology/scheduler/followtopology/follow_topology.go
+@@ -113,6 +113,6 @@ func deleteSegment(topos []*csi.Topology, segment map[string]string) []*csi.Topo
+ 	return topos
+ }
+ 
+-func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error) {
+-	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy)
++func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, p *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
++	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy, p)
+ }
+diff --git a/pkg/topology/scheduler/manual/manual.go b/pkg/topology/scheduler/manual/manual.go
+index 5b21b2f..d4e5405 100644
+--- a/pkg/topology/scheduler/manual/manual.go
++++ b/pkg/topology/scheduler/manual/manual.go
+@@ -51,6 +51,6 @@ func (s *Scheduler) Create(ctx context.Context, volId string, params *volume.Par
+ 	return nil
+ }
+ 
+-func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error) {
+-	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy)
++func (s *Scheduler) AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, p *volume.AccessibleTopologiesParams) ([]*csi.Topology, error) {
++	return s.GenericAccessibleTopologies(ctx, volId, remoteAccessPolicy, p)
+ }
+diff --git a/pkg/topology/scheduler/scheduler.go b/pkg/topology/scheduler/scheduler.go
+index 888e30f..573d24e 100644
+--- a/pkg/topology/scheduler/scheduler.go
++++ b/pkg/topology/scheduler/scheduler.go
+@@ -29,5 +29,5 @@ import (
+ // Interface determines where to place volumes and where they are accessible from.
+ type Interface interface {
+ 	Create(ctx context.Context, volId string, params *volume.Parameters, topologies *csi.TopologyRequirement) error
+-	AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy) ([]*csi.Topology, error)
++	AccessibleTopologies(ctx context.Context, volId string, remoteAccessPolicy volume.RemoteAccessPolicy, p *volume.AccessibleTopologiesParams) ([]*csi.Topology, error)
+ }
+diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go
+index 52f4f38..ba7c285 100644
+--- a/pkg/volume/volume.go
++++ b/pkg/volume/volume.go
+@@ -49,6 +49,12 @@ type Snapshot struct {
+ 	Remote string
+ }
+ 
++type AccessibleTopologiesParams struct {
++	SCVolumeAccess string
++	SCZones        []string
++	SCTopology     string
++}
++
+ // CreateDeleter handles the creation and deletion of volumes.
+ type CreateDeleter interface {
+ 	Querier
+@@ -58,7 +64,7 @@ type CreateDeleter interface {
+ 
+ 	// AccessibleTopologies returns the list of key value pairs volume topologies
+ 	// for the volume or nil if not applicable.
+-	AccessibleTopologies(ctx context.Context, volId string, params *Parameters) ([]*csi.Topology, error)
++	AccessibleTopologies(ctx context.Context, volId string, params *Parameters, p *AccessibleTopologiesParams) ([]*csi.Topology, error)
+ 
+ 	// GetLegacyVolumeContext tries to fetch the volume context from legacy properties.
+ 	GetLegacyVolumeParameters(ctx context.Context, volId string) (*Parameters, error)
+-- 
+2.39.5 (Apple Git-154)
+
diff --git a/images/linstor-csi/werf.inc.yaml b/images/linstor-csi/werf.inc.yaml
index 4a47022b..29820e5c 100644
--- a/images/linstor-csi/werf.inc.yaml
+++ b/images/linstor-csi/werf.inc.yaml
@@ -1,6 +1,6 @@
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.Root.BASE_GOLANG_1_22 }}
+from: {{ $.Root.BASE_GOLANG_1_23 }}
 final: false
 git:
   - url: {{ $.Root.SOURCE_REPO }}/linbit/linstor-csi
diff --git a/templates/linstor-csi/controller.yaml b/templates/linstor-csi/controller.yaml
index 983302ab..bc4da8b7 100644
--- a/templates/linstor-csi/controller.yaml
+++ b/templates/linstor-csi/controller.yaml
@@ -368,8 +368,8 @@ spec:
         terminationMessagePolicy: File
       restartPolicy: Always
       schedulerName: default-scheduler
-      serviceAccount: default
-      serviceAccountName: default
+      serviceAccount: linstor-csi-node
+      serviceAccountName: linstor-csi-node
       terminationGracePeriodSeconds: 30
       volumes:
         - hostPath:
diff --git a/templates/linstor-csi/rbac-for-us.yaml b/templates/linstor-csi/rbac-for-us.yaml
index 89e8987a..1ce1f442 100644
--- a/templates/linstor-csi/rbac-for-us.yaml
+++ b/templates/linstor-csi/rbac-for-us.yaml
@@ -1 +1,56 @@
 {{- include "helm_lib_csi_controller_rbac" . }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: linstor-csi-node
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "app" "linstor-csi-node")) | nindent 2 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: d8:{{ .Chart.Name }}:storagepool-reader
+  {{- include "helm_lib_module_labels" (list . (dict "app" "linstor-csi-controller")) | nindent 2 }}
+rules:
+  - apiGroups: ["storage.deckhouse.io"]
+    resources: ["replicatedstoragepools", "lvmvolumegroups"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: d8:{{ .Chart.Name }}:storagepool-reader-binding
+  {{- include "helm_lib_module_labels" (list . (dict "app" "linstor-csi-controller")) | nindent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: csi
+    namespace: d8-sds-replicated-volume
+roleRef:
+  kind: ClusterRole
+  name: d8:{{ .Chart.Name }}:storagepool-reader
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: d8:{{ .Chart.Name }}:rsc-watcher
+  {{- include "helm_lib_module_labels" (list . (dict "app" "linstor-csi-controller")) | nindent 2 }}
+rules:
+  - apiGroups: ["storage.deckhouse.io"]
+    resources: ["replicatedstorageclasses"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: d8:{{ .Chart.Name }}:rsc-read-access
+  {{- include "helm_lib_module_labels" (list . (dict "app" "linstor-csi-controller")) | nindent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: csi
+    namespace: d8-sds-replicated-volume
+roleRef:
+  kind: ClusterRole
+  name: d8:{{ .Chart.Name }}:rsc-watcher
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file