diff --git a/cmd/csi-snapshotter/main.go b/cmd/csi-snapshotter/main.go index 3f7734e63..42e8404af 100644 --- a/cmd/csi-snapshotter/main.go +++ b/cmd/csi-snapshotter/main.go @@ -100,6 +100,12 @@ func main() { } klog.Infof("Version: %s", version) + // If distributed snapshotting is enabled and leaderElection is also set to true, return + if *enableNodeDeployment && *leaderElection { + klog.Error("Leader election cannot happen when node-deployment is set to true") + os.Exit(1) + } + // Create the client config. Use kubeconfig if given, otherwise assume in-cluster. config, err := buildConfig(*kubeconfig) if err != nil { diff --git a/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml b/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml index 981c247bb..acf206441 100644 --- a/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml +++ b/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml @@ -44,9 +44,10 @@ rules: - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots/status"] verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] + # Enable this RBAC rule only when using distributed snapshotting, i.e. when the node-deployment flag is set to true + # - apiGroups: [""] + # resources: ["nodes"] + # verbs: ["get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/pkg/utils/util.go b/pkg/utils/util.go index 55c586723..fdaf0aee2 100644 --- a/pkg/utils/util.go +++ b/pkg/utils/util.go @@ -107,7 +107,7 @@ const ( // VolumeSnapshotInvalidLabel is applied to invalid snapshot as a label key. The value does not matter. // See https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/177-volume-snapshot/tighten-validation-webhook-crd.md#automatic-labelling-of-invalid-objects VolumeSnapshotInvalidLabel = "snapshot.storage.kubernetes.io/invalid-snapshot-resource" - VolumeSnapshotContentManagedByLabel = "csi.storage.k8s.io/managed-by" + VolumeSnapshotContentManagedByLabel = "snapshot.storage.kubernetes.io/managed-by" ) var SnapshotterSecretParams = secretParamsMap{