fix: grant more permissions to cloud node lifecycle controller

Author: iExalt

Diff for: internal/node/utils.go

@@ -29,16 +29,22 @@ func StartCloudNodeLifecycleControllerWrapper(initContext app.ControllerInitCont
 
 //nolint:gocritic // need to follow upstream function signature
 func startCloudNodeLifecycleController(ctx context.Context,
-	initContext app.ControllerInitContext,
+	_ app.ControllerInitContext,
 	controlexContext controllermanagerapp.ControllerContext,
 	completedConfig *config.CompletedConfig,
 	cloud cloudprovider.Interface,
 ) (controller.Interface, bool, error) {
+	// Use CCM's kubeconfig to create a clientset for the custom node lifecycle controller because we need permissions
+	// to list and delete VolumeAttachments
+	ccmClientSet, err := clientset.NewForConfig(completedConfig.Kubeconfig)
+	if err != nil {
+		return nil, false, fmt.Errorf("failed to create clientset from ccm kubeconfig: %w", err)
+	}
+
 	// Start the cloudNodeLifecycleController
 	cloudNodeLifecycleController, err := NewCloudNodeLifecycleController(
 		completedConfig.SharedInformers.Core().V1().Nodes(),
-		// cloud node lifecycle controller uses existing cluster role from node-controller
-		completedConfig.ClientBuilder.ClientOrDie(initContext.ClientName),
+		ccmClientSet,
 		cloud,
 		completedConfig.ComponentConfig.KubeCloudShared.NodeMonitorPeriod.Duration,
 	)