diff --git a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
index 875e7de9..78d6cfdd 100644
--- a/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl
@@ -47,7 +47,7 @@ type: Opaque
 data:
   ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
   fi
 }
 
diff --git a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
index 2f75d4f5..9521b368 100644
--- a/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
+++ b/ceph/templates/bin/keys/_storage-keyring-manager.sh.tpl
@@ -49,7 +49,7 @@ type: Opaque
 data:
   ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
   fi
 }
 #create_kube_key <ceph_key> <ceph_keyring_name> <ceph_keyring_template> <kube_secret_name>
@@ -71,7 +71,7 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${CEPH_KEYRING} | base64 | tr -d '\n' )
 EOF
-    } | kubectl create --namespace ${DEPLOYMENT_NAMESPACE} -f -
+    } | kubectl apply --namespace ${DEPLOYMENT_NAMESPACE} -f -
   fi
 }
 #create_kube_storage_key <ceph_key> <kube_secret_name>
diff --git a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
index 8593e6dd..fe06a087 100644
--- a/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
   key: $( echo ${ceph_key} )
 EOF
-  } | kubectl create --namespace ${kube_namespace} -f -
+  } | kubectl apply --namespace ${kube_namespace} -f -
 }
 
 if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ${PVC_CEPH_CEPHFS_STORAGECLASS_USER_SECRET_NAME}; then
diff --git a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
index 6123f84a..5711ae39 100644
--- a/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
+++ b/ceph/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl
@@ -37,7 +37,7 @@ type: "${secret_type}"
 data:
   key: $( echo ${ceph_key} )
 EOF
-  } | kubectl create --namespace ${kube_namespace} -f -
+  } | kubectl apply --namespace ${kube_namespace} -f -
 }
 
 ceph_activate_namespace ${DEPLOYMENT_NAMESPACE} "kubernetes.io/rbd" ${PVC_CEPH_RBD_STORAGECLASS_USER_SECRET_NAME} "$(echo ${CEPH_RBD_KEY} | jq -r '.data | .[]')"
diff --git a/ceph/templates/job-cephfs-client-key.yaml b/ceph/templates/job-cephfs-client-key.yaml
index 90e0a2ee..c1e43ddc 100644
--- a/ceph/templates/job-cephfs-client-key.yaml
+++ b/ceph/templates/job-cephfs-client-key.yaml
@@ -36,6 +36,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-keyring.yaml b/ceph/templates/job-keyring.yaml
index d548377c..9faa9a43 100644
--- a/ceph/templates/job-keyring.yaml
+++ b/ceph/templates/job-keyring.yaml
@@ -37,6 +37,7 @@ rules:
     verbs:
       - get
       - create
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-namespace-client-key.yaml b/ceph/templates/job-namespace-client-key.yaml
index 295cb613..4f35712e 100644
--- a/ceph/templates/job-namespace-client-key.yaml
+++ b/ceph/templates/job-namespace-client-key.yaml
@@ -36,6 +36,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/ceph/templates/job-storage-admin-keys.yaml b/ceph/templates/job-storage-admin-keys.yaml
index a5cb19cd..d1bbee6c 100644
--- a/ceph/templates/job-storage-admin-keys.yaml
+++ b/ceph/templates/job-storage-admin-keys.yaml
@@ -33,6 +33,7 @@ rules:
     verbs:
       - get
       - create
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/bin/_backup-storage-init.sh.tpl b/cinder/templates/bin/_backup-storage-init.sh.tpl
index 75b39a67..239aa8c6 100644
--- a/cinder/templates/bin/_backup-storage-init.sh.tpl
+++ b/cinder/templates/bin/_backup-storage-init.sh.tpl
@@ -63,6 +63,6 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 
 fi
diff --git a/cinder/templates/bin/_storage-init.sh.tpl b/cinder/templates/bin/_storage-init.sh.tpl
index 3398d710..1a4b11c2 100644
--- a/cinder/templates/bin/_storage-init.sh.tpl
+++ b/cinder/templates/bin/_storage-init.sh.tpl
@@ -60,6 +60,6 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 
 fi
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index 2b3d2352..ebd94bdd 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 81037069..3c30b135 100644
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
index 895d4b27..ea57b49e 100644
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
@@ -62,7 +62,7 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-  kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+  kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
 elif [ "x$STORAGE_BACKEND" == "xradosgw" ]; then
   radosgw-admin user stats --uid="${RADOSGW_USERNAME}" || \
     radosgw-admin user create \
diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml
index 04da8dbb..1445554b 100644
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
diff --git a/gnocchi/templates/bin/_storage-init.sh.tpl b/gnocchi/templates/bin/_storage-init.sh.tpl
index 34109468..e25eb0c1 100644
--- a/gnocchi/templates/bin/_storage-init.sh.tpl
+++ b/gnocchi/templates/bin/_storage-init.sh.tpl
@@ -57,4 +57,4 @@ type: kubernetes.io/rbd
 data:
   key: $( echo ${ENCODED_KEYRING} )
 EOF
-kubectl create --namespace ${NAMESPACE} -f ${SECRET}
+kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml
index e4744f58..c75b0744 100644
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@@ -34,6 +34,7 @@ rules:
       - get
       - create
       - update
+      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding