From 2e5b1be2378478562b3e9e2edae1f6bbaef1ebc6 Mon Sep 17 00:00:00 2001
From: hoyho <luohaihao@gmail.com>
Date: Thu, 6 Jun 2019 01:19:01 +0800
Subject: [PATCH] update rbac for secret

---
 deploy/kubernetes/rbac.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/deploy/kubernetes/rbac.yaml b/deploy/kubernetes/rbac.yaml
index 3c1686be9..97bca15e9 100644
--- a/deploy/kubernetes/rbac.yaml
+++ b/deploy/kubernetes/rbac.yaml
@@ -34,6 +34,13 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["get", "list", "watch", "update", "patch"]
+#Secret permission is optional.
+#Enable it if you need value from secret.
+#For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters
+#see https://kubernetes-csi.github.io/docs/secrets-and-credentials.html
+#  - apiGroups: [""]
+#    resources: ["secrets"]
+#    verbs: ["get", "list"]
 
 ---
 kind: ClusterRoleBinding