From 394b4243e94d4a7bfb456af7cfbd66ffc5f8027c Mon Sep 17 00:00:00 2001
From: Jan Nemcik <jan.nemcik@solargis.com>
Date: Tue, 5 Dec 2023 18:05:11 +0100
Subject: [PATCH 1/2] helm: update node plugin cluster role

added permission to get nodes for rbd and cephfs nodeplugin daemonset

Signed-off-by: Jan Nemcik <jan.nemcik@solargis.com>
(cherry picked from commit 1fb6d8f891f7414ee5ba4520d2077aeea9a73c1e)
---
 charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml | 2 --
 charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml    | 2 --
 2 files changed, 4 deletions(-)

diff --git a/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml b/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
index e425f184050..ec61a67137b 100644
--- a/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
+++ b/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
@@ -11,9 +11,7 @@ metadata:
     heritage: {{ .Release.Service }}
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
-{{- if and .Values.readAffinity .Values.readAffinity.enabled }}
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get"]
-{{- end }}
 {{- end -}}
diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
index aa8ddd4fd6b..497d5a9b190 100644
--- a/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
@@ -11,11 +11,9 @@ metadata:
     heritage: {{ .Release.Service }}
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 rules:
-{{- if .Values.topology.enabled }}
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get"]
-{{- end }}
   # allow to read Vault Token and connection options from the Tenants namespace
   - apiGroups: [""]
     resources: ["secrets"]

From 420d23252a45356d682551a71c7d72579dc0cb34 Mon Sep 17 00:00:00 2001
From: Jan Nemcik <jan.nemcik@solargis.com>
Date: Sat, 9 Dec 2023 12:43:07 +0100
Subject: [PATCH 2/2] rbd: updated node labels fetching logic

node labels are fetched only if controller is running in k8s and is nodeserver

Signed-off-by: Jan Nemcik <jan.nemcik@solargis.com>
(cherry picked from commit 344354637056cd27a79ec2fd77b132639101e468)
---
 internal/rbd/driver/driver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/rbd/driver/driver.go b/internal/rbd/driver/driver.go
index 4d7061b8e1e..c4c736c3447 100644
--- a/internal/rbd/driver/driver.go
+++ b/internal/rbd/driver/driver.go
@@ -125,7 +125,7 @@ func (r *Driver) Run(conf *util.Config) {
 			})
 	}
 
-	if k8s.RunsOnKubernetes() {
+	if k8s.RunsOnKubernetes() && conf.IsNodeServer {
 		nodeLabels, err = k8s.GetNodeLabels(conf.NodeID)
 		if err != nil {
 			log.FatalLogMsg(err.Error())