fix: grant more permissions to cloud node lifecycle controller

Author: iExalt

Diff for: internal/node/utils.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 	clientset "k8s.io/client-go/kubernetes"
 	cloudprovider "k8s.io/cloud-provider"
 	"k8s.io/cloud-provider/app"
@@ -29,16 +30,22 @@ func StartCloudNodeLifecycleControllerWrapper(initContext app.ControllerInitCont
 
 //nolint:gocritic // need to follow upstream function signature
 func startCloudNodeLifecycleController(ctx context.Context,
-	initContext app.ControllerInitContext,
+	_ app.ControllerInitContext,
 	controlexContext controllermanagerapp.ControllerContext,
 	completedConfig *config.CompletedConfig,
 	cloud cloudprovider.Interface,
 ) (controller.Interface, bool, error) {
+	// Use CCM's kubeconfig to create a clientset for the custom node lifecycle controller because we need permissions
+	// to list and delete VolumeAttachments
+	ccmClientSet, err := kubernetes.NewForConfig(completedConfig.Kubeconfig)
+	if err != nil {
+		return nil, false, err
+	}
+
 	// Start the cloudNodeLifecycleController
 	cloudNodeLifecycleController, err := NewCloudNodeLifecycleController(
 		completedConfig.SharedInformers.Core().V1().Nodes(),
-		// cloud node lifecycle controller uses existing cluster role from node-controller
-		completedConfig.ClientBuilder.ClientOrDie(initContext.ClientName),
+		ccmClientSet,
 		cloud,
 		completedConfig.ComponentConfig.KubeCloudShared.NodeMonitorPeriod.Duration,
 	)