diff --git a/README.md b/README.md index 73fbdc79..4c82a94d 100644 --- a/README.md +++ b/README.md @@ -9,11 +9,8 @@ More information about the Kubernetes CSI can be found in the GitHub [Kubernetes ### Requirements -* Kubernetes v1.13+ +* Kubernetes v1.15+ * The node `hostname` must match the Linode Instance `label` -* `--allow-privileged` must be enabled for the API server and kubelet -* Should have the following [feature gates enabled](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#overview): `CSINodeInfo`, `CSIDriverRegistry` -* The following feature gates may be used in future versions: `BlockVolume`, `CSIBlockVolume` ### Secure a Linode API Access Token: @@ -131,7 +128,6 @@ persistence ## Disclaimers * Until this driver has reached v1.0.0 it may not maintain compatibility between driver versions -* This driver does not work with versions of Kubernetes earlier than 1.13 * Requests for Persistent Volumes with a `require_size` less than the Linode minimum Block Storage size will be fulfilled with a Linode Block Storage volume of the minimum size (currently 10GiB), this is [in accordance with the CSI specification](https://github.com/container-storage-interface/spec/blob/v1.0.0/spec.md#createvolume). The upper-limit size constraint (`limit_bytes`) will also be honored so the size of Linode Block Storage volumes provisioned will not exceed this parameter. ## Contribution Guidelines diff --git a/app/linode/Dockerfile b/app/linode/Dockerfile index 1f901cbd..aaa6e35e 100644 --- a/app/linode/Dockerfile +++ b/app/linode/Dockerfile @@ -2,7 +2,7 @@ FROM alpine LABEL maintainers="Linode" LABEL description="Linode CSI Driver" -RUN apk add --no-cache ca-certificates e2fsprogs findmnt +RUN apk add --no-cache ca-certificates e2fsprogs findmnt blkid COPY ./_output/linode /linode diff --git a/deploy/kubernetes/base/accounts-roles-bindings.yaml b/deploy/kubernetes/base/accounts-roles-bindings.yaml new file mode 100644 index 00000000..a62ba26c --- /dev/null +++ b/deploy/kubernetes/base/accounts-roles-bindings.yaml @@ -0,0 +1,40 @@ +##### Node Service Account, Roles, RoleBindings +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-node-sa + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linode-csi-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: linode-csi-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: linode-csi-role + apiGroup: rbac.authorization.k8s.io +--- +##### Controller Service Account, Roles, Rolebindings +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-controller-sa + namespace: kube-system diff --git a/pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml b/deploy/kubernetes/base/cm-get-linode-id.yaml similarity index 100% rename from pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml rename to deploy/kubernetes/base/cm-get-linode-id.yaml diff --git a/pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml b/deploy/kubernetes/base/csi-driver-instance.yaml similarity index 55% rename from pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml rename to deploy/kubernetes/base/csi-driver-instance.yaml index c79a2f4e..fdf29be7 100644 --- a/pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml +++ b/deploy/kubernetes/base/csi-driver-instance.yaml @@ -1,7 +1,7 @@ -apiVersion: csi.storage.k8s.io/v1alpha1 +apiVersion: storage.k8s.io/v1beta1 kind: CSIDriver metadata: name: linodebs.csi.linode.com spec: attachRequired: true - podInfoOnMountVersion: "v1" + podInfoOnMount: true diff --git a/pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml b/deploy/kubernetes/base/csi-storageclass.yaml similarity index 100% rename from pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml rename to deploy/kubernetes/base/csi-storageclass.yaml diff --git a/pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml b/deploy/kubernetes/base/ds-csi-linode-node.yaml similarity index 91% rename from pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml rename to deploy/kubernetes/base/ds-csi-linode-node.yaml index 0fbfa59d..cab25899 100644 --- a/pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml +++ b/deploy/kubernetes/base/ds-csi-linode-node.yaml @@ -33,14 +33,11 @@ spec: mountPath: /scripts hostNetwork: true containers: - - name: driver-registrar - image: quay.io/k8scsi/driver-registrar:v1.0-canary + - name: csi-node-driver-registrar + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 args: - "--v=2" - "--csi-address=$(ADDRESS)" - - "--mode=node-register" - - "--driver-requires-attachment=true" - - "--pod-info-mount-version=\"v1\"" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" env: - name: ADDRESS @@ -53,11 +50,11 @@ spec: fieldPath: spec.nodeName volumeMounts: - name: plugin-dir - mountPath: /csi/ + mountPath: /csi - name: registration-dir - mountPath: /registration/ + mountPath: /registration - name: csi-linode-plugin - image: linode/linode-blockstorage-csi-driver:{{ .Values.image.tag }} + image: linode/linode-blockstorage-csi-driver:latest args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(LINODE_TOKEN)" diff --git a/deploy/kubernetes/base/kustomization.yaml b/deploy/kubernetes/base/kustomization.yaml new file mode 100644 index 00000000..a7373909 --- /dev/null +++ b/deploy/kubernetes/base/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../sidecars/external-provisioner + - ../sidecars/external-attacher + - ../sidecars/external-resizer + - accounts-roles-bindings.yaml + - csi-driver-instance.yaml + - csi-storageclass.yaml + - ss-csi-linode-controller.yaml + - ds-csi-linode-node.yaml + - cm-get-linode-id.yaml diff --git a/pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml b/deploy/kubernetes/base/ss-csi-linode-controller.yaml similarity index 93% rename from pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml rename to deploy/kubernetes/base/ss-csi-linode-controller.yaml index 5585c332..9a3e88ff 100644 --- a/pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml +++ b/deploy/kubernetes/base/ss-csi-linode-controller.yaml @@ -35,7 +35,7 @@ spec: mountPath: /scripts containers: - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.1.0 + image: quay.io/k8scsi/csi-provisioner:v1.6.0 args: - "--volume-name-prefix=pvc" - "--volume-name-uuid-length=16" @@ -49,7 +49,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v1.1.0 + image: quay.io/k8scsi/csi-attacher:v2.2.0 args: - "--v=2" - "--csi-address=$(ADDRESS)" @@ -61,7 +61,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: linode-csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.1.0 + image: quay.io/k8scsi/csi-resizer:v0.5.0 args: - "--v=2" - "--csi-address=$(ADDRESS)" @@ -72,7 +72,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: linode-csi-plugin - image: linode/linode-blockstorage-csi-driver:{{ .Values.image.tag }} + image: linode/linode-blockstorage-csi-driver:latest args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(LINODE_TOKEN)" diff --git a/deploy/kubernetes/overlays/dev/kustomization.yaml b/deploy/kubernetes/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..e49ed666 --- /dev/null +++ b/deploy/kubernetes/overlays/dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +images: + - name: linode/linode-blockstorage-csi-driver + newTag: canary diff --git a/deploy/kubernetes/overlays/release/.gitignore b/deploy/kubernetes/overlays/release/.gitignore new file mode 100644 index 00000000..303b66b5 --- /dev/null +++ b/deploy/kubernetes/overlays/release/.gitignore @@ -0,0 +1 @@ +kustomization.yaml diff --git a/deploy/kubernetes/overlays/release/kustomization.yaml.template b/deploy/kubernetes/overlays/release/kustomization.yaml.template new file mode 100644 index 00000000..b30ce2aa --- /dev/null +++ b/deploy/kubernetes/overlays/release/kustomization.yaml.template @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +images: + - name: linode/linode-blockstorage-csi-driver + newTag: ${CSI_VERSION} diff --git a/deploy/kubernetes/sidecars/external-attacher/kustomization.yaml b/deploy/kubernetes/sidecars/external-attacher/kustomization.yaml new file mode 100644 index 00000000..a8130aac --- /dev/null +++ b/deploy/kubernetes/sidecars/external-attacher/kustomization.yaml @@ -0,0 +1,50 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - rbac.yaml +namespace: kube-system +patchesStrategicMerge: + - |- + kind: RoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: csi-attacher-role-cfg + $patch: delete + - |- + kind: Role + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: external-attacher-cfg + $patch: delete + - |- + kind: ServiceAccount + apiVersion: v1 + metadata: + name: csi-attacher + $patch: delete +patchesJson6902: + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRole + name: external-attacher-runner + patch: |- + - op: replace + path: /metadata/name + value: external-attacher-role + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRoleBinding + name: csi-attacher-role + patch: |- + - op: replace + path: /metadata/name + value: csi-controller-attacher-binding + - op: replace + path: /subjects/0/name + value: csi-controller-sa + - op: replace + path: /subjects/0/namespace + value: kube-system + diff --git a/deploy/kubernetes/sidecars/external-attacher/rbac.yaml b/deploy/kubernetes/sidecars/external-attacher/rbac.yaml new file mode 100644 index 00000000..3bbea415 --- /dev/null +++ b/deploy/kubernetes/sidecars/external-attacher/rbac.yaml @@ -0,0 +1,88 @@ +# xref: https://raw.githubusercontent.com/kubernetes-csi/external-attacher/release-2.2/deploy/kubernetes/rbac.yaml + +# This YAML file contains all RBAC objects that are necessary to run external +# CSI attacher. +# +# In production, each CSI driver deployment has to be customized: +# - to avoid conflicts, use non-default namespace and different names +# for non-namespaced entities like the ClusterRole +# - decide whether the deployment replicates the external CSI +# attacher, in which case leadership election must be enabled; +# this influences the RBAC setup, see below + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher + # replace with non-default namespace name + namespace: default + +--- +# Attacher must be able to work with PVs, CSINodes and VolumeAttachments +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +#Secret permission is optional. +#Enable it if you need value from secret. +#For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters +#see https://kubernetes-csi.github.io/docs/secrets-and-credentials.html +# - apiGroups: [""] +# resources: ["secrets"] +# verbs: ["get", "list"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role +subjects: + - kind: ServiceAccount + name: csi-attacher + # replace with non-default namespace name + namespace: default +roleRef: + kind: ClusterRole + name: external-attacher-runner + apiGroup: rbac.authorization.k8s.io + +--- +# Attacher must be able to work with configmaps or leases in the current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # replace with non-default namespace name + namespace: default + name: external-attacher-cfg +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role-cfg + # replace with non-default namespace name + namespace: default +subjects: + - kind: ServiceAccount + name: csi-attacher + # replace with non-default namespace name + namespace: default +roleRef: + kind: Role + name: external-attacher-cfg + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/sidecars/external-provisioner/kustomization.yaml b/deploy/kubernetes/sidecars/external-provisioner/kustomization.yaml new file mode 100644 index 00000000..e38957e0 --- /dev/null +++ b/deploy/kubernetes/sidecars/external-provisioner/kustomization.yaml @@ -0,0 +1,49 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - rbac.yaml +namespace: kube-system +patchesStrategicMerge: + - |- + kind: RoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: csi-provisioner-role-cfg + $patch: delete + - |- + kind: Role + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: external-provisioner-cfg + $patch: delete + - |- + kind: ServiceAccount + apiVersion: v1 + metadata: + name: csi-provisioner + $patch: delete +patchesJson6902: + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRole + name: external-provisioner-runner + patch: |- + - op: replace + path: /metadata/name + value: external-provisioner-role + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRoleBinding + name: csi-provisioner-role + patch: |- + - op: replace + path: /metadata/name + value: csi-controller-provisioner-binding + - op: replace + path: /subjects/0/name + value: csi-controller-sa + - op: replace + path: /subjects/0/namespace + value: kube-system diff --git a/deploy/kubernetes/sidecars/external-provisioner/rbac.yaml b/deploy/kubernetes/sidecars/external-provisioner/rbac.yaml new file mode 100644 index 00000000..cf75a3f4 --- /dev/null +++ b/deploy/kubernetes/sidecars/external-provisioner/rbac.yaml @@ -0,0 +1,105 @@ +# xref: https://raw.githubusercontent.com/kubernetes-csi/external-provisioner/release-1.6/deploy/kubernetes/rbac.yaml + +# This YAML file contains all RBAC objects that are necessary to run external +# CSI provisioner. +# +# In production, each CSI driver deployment has to be customized: +# - to avoid conflicts, use non-default namespace and different names +# for non-namespaced entities like the ClusterRole +# - decide whether the deployment replicates the external CSI +# provisioner, in which case leadership election must be enabled; +# this influences the RBAC setup, see below + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner + # replace with non-default namespace name + namespace: default + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role +subjects: + - kind: ServiceAccount + name: csi-provisioner + # replace with non-default namespace name + namespace: default +roleRef: + kind: ClusterRole + name: external-provisioner-runner + apiGroup: rbac.authorization.k8s.io + +--- +# Provisioner must be able to work with endpoints in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # replace with non-default namespace name + namespace: default + name: external-provisioner-cfg +rules: +# Only one of the following rules for endpoints or leases is required based on +# what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases. +- apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role-cfg + # replace with non-default namespace name + namespace: default +subjects: + - kind: ServiceAccount + name: csi-provisioner + # replace with non-default namespace name + namespace: default +roleRef: + kind: Role + name: external-provisioner-cfg + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/sidecars/external-resizer/kustomization.yaml b/deploy/kubernetes/sidecars/external-resizer/kustomization.yaml new file mode 100644 index 00000000..9c1050da --- /dev/null +++ b/deploy/kubernetes/sidecars/external-resizer/kustomization.yaml @@ -0,0 +1,50 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - rbac.yaml +namespace: kube-system +patchesStrategicMerge: + - |- + kind: RoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: csi-resizer-role-cfg + $patch: delete + - |- + kind: Role + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: external-resizer-cfg + $patch: delete + - |- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: csi-resizer + $patch: delete +patchesJson6902: + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRole + name: external-resizer-runner + patch: |- + - op: replace + path: /metadata/name + value: external-resizer-role + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRoleBinding + name: csi-resizer-role + patch: |- + - op: replace + path: /metadata/name + value: csi-controller-resizer-binding + - op: replace + path: /subjects/0/name + value: csi-controller-sa + - op: replace + path: /subjects/0/namespace + value: kube-system + diff --git a/deploy/kubernetes/sidecars/external-resizer/rbac.yaml b/deploy/kubernetes/sidecars/external-resizer/rbac.yaml new file mode 100644 index 00000000..0aac0605 --- /dev/null +++ b/deploy/kubernetes/sidecars/external-resizer/rbac.yaml @@ -0,0 +1,89 @@ +# xref: https://raw.githubusercontent.com/kubernetes-csi/external-resizer/v0.5.0/deploy/kubernetes/rbac.yaml + +# This YAML file contains all RBAC objects that are necessary to run external +# CSI resizer. +# +# In production, each CSI driver deployment has to be customized: +# - to avoid conflicts, use non-default namespace and different names +# for non-namespaced entities like the ClusterRole +# - decide whether the deployment replicates the external CSI +# resizer, in which case leadership election must be enabled; +# this influences the RBAC setup, see below + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-resizer + # replace with non-default namespace name + namespace: default + +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-resizer-runner +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role +subjects: + - kind: ServiceAccount + name: csi-resizer + # replace with non-default namespace name + namespace: default +roleRef: + kind: ClusterRole + name: external-resizer-runner + apiGroup: rbac.authorization.k8s.io + +--- +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # replace with non-default namespace name + namespace: default + name: external-resizer-cfg +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role-cfg + # replace with non-default namespace name + namespace: default +subjects: + - kind: ServiceAccount + name: csi-resizer + # replace with non-default namespace name + namespace: default +roleRef: + kind: Role + name: external-resizer-cfg + apiGroup: rbac.authorization.k8s.io diff --git a/e2e/Makefile b/e2e/Makefile index 9e566f56..6d2233f5 100644 --- a/e2e/Makefile +++ b/e2e/Makefile @@ -1,9 +1,7 @@ export GO111MODULE=on -REGISTRY_NAME=index.docker.io/linode -IMAGE_NAME=linode-blockstorage-csi-driver IMAGE_VERSION=canary -IMAGE_TAG=$(REGISTRY_NAME)/$(IMAGE_NAME):$(IMAGE_VERSION) +K8S_VERSION?="v1.15.12" .PHONY: test reuse-and-test clean check-token install-terraform test-manifest @@ -14,13 +12,11 @@ reuse-and-test: SUITE_ARGS='--reuse' test reuse-and-test: $(GOPATH)/bin/ginkgo check-token test-manifest go list -m; \ - ginkgo -r --v --progress --trace --cover $(TEST_ARGS) -- --v=3 --image=${IMAGE_TAG} $(SUITE_ARGS) + ginkgo -r --v --progress --trace --cover $(TEST_ARGS) -- --v=3 --k8s-version=${K8S_VERSION} $(SUITE_ARGS) clean: check-token cd test; \ - ./scripts/delete_cluster.sh csi-linode-for-reuse; \ - rm terraform.tfstate; \ - rm -rf terraform.tfstate.d + ./scripts/delete_cluster.sh csi-linode-for-reuse check-token: @if test "$(LINODE_API_TOKEN)" = "" ; then \ diff --git a/e2e/test/csi_driver_test.go b/e2e/test/csi_driver_test.go index 096e1c88..01883a47 100644 --- a/e2e/test/csi_driver_test.go +++ b/e2e/test/csi_driver_test.go @@ -102,10 +102,6 @@ var _ = Describe("CSIDriver", func() { Context("Block Storage", func() { Context("Volume Expansion", func() { JustBeforeEach(func() { - By("Applying Manifest") - err = framework.ApplyManifest("apply", "manifest/linode-blockstorage-csi-driver.yaml") - Expect(err).NotTo(HaveOccurred()) - By("Creating Persistent Volume Claim") pvc = f.GetPersistentVolumeClaimObject(size, "linode-block-storage") err = f.CreatePersistentVolumeClaim(pvc) diff --git a/e2e/test/e2e_suite_test.go b/e2e/test/e2e_suite_test.go index c46313dc..7e203e03 100644 --- a/e2e/test/e2e_suite_test.go +++ b/e2e/test/e2e_suite_test.go @@ -32,8 +32,8 @@ var ( ) func init() { - flag.StringVar(&framework.Image, "image", framework.Image, "registry/repository:tag") flag.StringVar(&framework.ApiToken, "api-token", os.Getenv("LINODE_API_TOKEN"), "linode api token") + flag.StringVar(&framework.K8sVersion, "k8s-version", framework.K8sVersion, "Kubernetes version") flag.BoolVar(&reuse, "reuse", reuse, "Create a cluster and continue to use it") flag.BoolVar(&useExisting, "use-existing", useExisting, "Use an existing kubernetes cluster") flag.StringVar(&framework.KubeConfigFile, "kubeconfig", filepath.Join(homedir.HomeDir(), ".kube/config"), "To use existing cluster provide kubeconfig file") diff --git a/e2e/test/framework/cluster.go b/e2e/test/framework/cluster.go index 797468d9..023a33f8 100644 --- a/e2e/test/framework/cluster.go +++ b/e2e/test/framework/cluster.go @@ -1,7 +1,7 @@ package framework func CreateCluster(cluster string) error { - return RunScript("create_cluster.sh", ApiToken, cluster, Image) + return RunScript("create_cluster.sh", ApiToken, cluster, K8sVersion) } func DeleteCluster(cluster string) error { diff --git a/e2e/test/framework/framework.go b/e2e/test/framework/framework.go index 9bc0caf3..7c798492 100644 --- a/e2e/test/framework/framework.go +++ b/e2e/test/framework/framework.go @@ -8,9 +8,9 @@ import ( ) var ( - Image = "linode/linode-blockstorage-csi-driver:latest" ApiToken = "" KubeConfigFile = "" + K8sVersion = "v1.15.12" ) type Framework struct { diff --git a/e2e/test/scripts/create_cluster.sh b/e2e/test/scripts/create_cluster.sh index 2e1350ff..563a2cbf 100755 --- a/e2e/test/scripts/create_cluster.sh +++ b/e2e/test/scripts/create_cluster.sh @@ -7,7 +7,9 @@ set -x export LINODE_API_TOKEN="$1" export CLUSTER_NAME="$2" -export IMAGE="$3" +export K8S_VERSION="$3" + +TEST_MANIFEST=$(realpath "$(dirname "$0")/../manifest/linode-blockstorage-csi-driver.yaml") cat > cluster.tf < k8s.io/api v0.18.8 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.18.8 - k8s.io/apimachinery => k8s.io/apimachinery v0.18.8 - k8s.io/apiserver => k8s.io/apiserver v0.18.8 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.18.8 - k8s.io/client-go => k8s.io/client-go v0.18.8 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.18.8 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.18.8 - k8s.io/code-generator => k8s.io/code-generator v0.18.8 - k8s.io/component-base => k8s.io/component-base v0.18.8 - k8s.io/cri-api => k8s.io/cri-api v0.18.8 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.18.8 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.18.8 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.18.8 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.18.8 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.18.8 - k8s.io/kubectl => k8s.io/kubectl v0.18.8 - k8s.io/kubelet => k8s.io/kubelet v0.18.8 - k8s.io/kubernetes => k8s.io/kubernetes v1.18.8 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.18.8 - k8s.io/metrics => k8s.io/metrics v0.18.8 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.18.8 - + k8s.io/api => k8s.io/api v0.19.2 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.19.2 + k8s.io/apimachinery => k8s.io/apimachinery v0.19.2 + k8s.io/apiserver => k8s.io/apiserver v0.19.2 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.19.2 + k8s.io/client-go => k8s.io/client-go v0.19.2 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.19.2 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.19.2 + k8s.io/code-generator => k8s.io/code-generator v0.19.2 + k8s.io/component-base => k8s.io/component-base v0.19.2 + k8s.io/cri-api => k8s.io/cri-api v0.19.2 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.19.2 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.19.2 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.19.2 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.19.2 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.19.2 + k8s.io/kubectl => k8s.io/kubectl v0.19.2 + k8s.io/kubelet => k8s.io/kubelet v0.19.2 + k8s.io/kubernetes => k8s.io/kubernetes v1.19.2 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.19.2 + k8s.io/metrics => k8s.io/metrics v0.19.2 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.19.2 ) -go 1.13 +go 1.15 diff --git a/go.sum b/go.sum index 769497bc..b1a46b13 100644 --- a/go.sum +++ b/go.sum @@ -14,17 +14,23 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v0.0.0-20200808040245-162e5629780b/go.mod h1:NAJj0yf/KaRKURN6nyi7A9IZydMivZEm9oQLWNjfKDc= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY= +github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= @@ -35,12 +41,11 @@ github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903 h1:LbsanbbD6LieFkXbj9YNNBupiGHJgFeLpO0j0Fza1h8= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= @@ -48,6 +53,7 @@ github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:x github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -60,23 +66,20 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.1.0 h1:rVsPeBmXbYv4If/cumu1AzZPwV58q433hvONV1UEZoI= -github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= +github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I= +github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -100,11 +103,10 @@ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -129,7 +131,6 @@ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -137,32 +138,38 @@ golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 h1:pE8b58s1HRDMi8RDc79m0HISf9D4TzseP40cEA6IGfs= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191113165036-4c7a9d0fe056/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -176,16 +183,19 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20191114150713-6bbd007550de h1:dFEMUWudT9iV1JMk6i6NwbfIw2V/2VDFyDYCZFypRxE= google.golang.org/genproto v0.0.0-20191114150713-6bbd007550de/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.31.1 h1:SfXqXS5hkufcdZ/mHtYCh53P2b+92WQq/DZcKLgsFRs= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -193,12 +203,16 @@ google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= @@ -215,21 +229,18 @@ gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.18.8 h1:jimPrycCqgx2QPearX3to1JePz7wSbVLq+7PdBTTwQ0= -k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/apimachinery v0.19.2 h1:5Gy9vQpAGTKHPVOh5c4plE274X8D/6cuEiTO2zve7tc= +k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= +k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog/v2 v2.0.0 h1:Foj74zO6RbjjP4hBEKjnYtjjAhGg4jNynUdYF6fJrok= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY= -k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/utils v0.0.0-20200821003339-5e75c0163111 h1:AChSIFe1D4vQ5XkklbH491v1ONSmnt8fnb235DsAw1U= -k8s.io/utils v0.0.0-20200821003339-5e75c0163111/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A= +k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= +k8s.io/utils v0.0.0-20201005171033-6301aaf42dc7 h1:XQ0OMFdRDkDIu0b1zqEKSZdWUD7I4bZ4d4nqr8CLKbQ= +k8s.io/utils v0.0.0-20201005171033-6301aaf42dc7/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/hack/fetch-manifests.sh b/hack/fetch-manifests.sh new file mode 100755 index 00000000..c562fed2 --- /dev/null +++ b/hack/fetch-manifests.sh @@ -0,0 +1,35 @@ +#!/bin/bash +set -euf -o pipefail + +manifest_directory=$(cd "${0%/*}/../deploy/kubernetes/sidecars"; pwd) + +function fetch_manifest { + local source_file=$1 + local target_file=$2 + printf "# xref: %s\n\n" $source_file > $target_file + wget "$source_file" -O - >> $target_file +} + +function external_provisioner { + local version=$1 + local source_directory="https://raw.githubusercontent.com/kubernetes-csi/external-provisioner/release-$version/deploy/kubernetes" + local target_directory="$manifest_directory/external-provisioner" + fetch_manifest "$source_directory/rbac.yaml" "$target_directory/rbac.yaml" +} +function external_attacher { + local version=$1 + local source_directory="https://raw.githubusercontent.com/kubernetes-csi/external-attacher/release-$version/deploy/kubernetes" + local target_directory="$manifest_directory/external-attacher" + fetch_manifest "$source_directory/rbac.yaml" "$target_directory/rbac.yaml" +} + +function external_resizer { + local version=$1 + local source_directory="https://raw.githubusercontent.com/kubernetes-csi/external-resizer/v$version/deploy/kubernetes" + local target_directory="$manifest_directory/external-resizer" + fetch_manifest "$source_directory/rbac.yaml" "$target_directory/rbac.yaml" +} + +external_provisioner "1.6" +external_attacher "2.2" +external_resizer "0.5.0" diff --git a/hack/generate-yaml.sh b/hack/generate-yaml.sh index 21756bd3..4099fc9c 100755 --- a/hack/generate-yaml.sh +++ b/hack/generate-yaml.sh @@ -10,18 +10,8 @@ if [[ -z "${TAG}" ]]; then exit 1 fi -# Get the last manifest in the folder cd $(dirname "$0")/../ -manifests=pkg/linode-bs/deploy/kubernetes/0 -last="$(ls -dq "${manifests}"* | tail -n 1)" +file=./deploy/kubernetes/overlays/release/kustomization.yaml +CSI_VERSION=$TAG envsubst < "$file.template" > $file -# Build release manifest -for manifest in "${manifests}"*; do - echo "# ${manifest}" - echo "$(cat ${manifest})" | sed -e "s|{{ .Values.image.tag }}|"${TAG}"|" - - # Don't add the separator if it's the last manifest - if [[ "${manifest}" != "${last}" ]]; then - echo -e "---" - fi -done +kustomize build "$(dirname $file)" diff --git a/pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml b/pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml deleted file mode 100644 index 26a9831f..00000000 --- a/pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Requires CSINodeInfo feature gate (alpha in 1.12) -# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csidriver.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: csinodeinfos.csi.storage.k8s.io - labels: - addonmanager.kubernetes.io/mode: Reconcile -spec: - group: csi.storage.k8s.io - version: v1alpha1 - names: - kind: CSINodeInfo - plural: csinodeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - spec: - description: Specification of CSINodeInfo - properties: - drivers: - description: List of CSI drivers running on the node and their specs. - type: array - items: - properties: - name: - description: The CSI driver that this object refers to. - type: string - nodeID: - description: The node from the driver point of view. - type: string - topologyKeys: - description: List of keys supported by the driver. - items: - type: string - type: array - status: - description: Status of CSINodeInfo - properties: - drivers: - description: List of CSI drivers running on the node and their statuses. - type: array - items: - properties: - name: - description: The CSI driver that this object refers to. - type: string - available: - description: Whether the CSI driver is installed. - type: boolean - volumePluginMechanism: - description: Indicates to external components the required mechanism - to use for any in-tree plugins replaced by this driver. - pattern: in-tree|csi - type: string diff --git a/pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml b/pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml deleted file mode 100644 index 2cf7c945..00000000 --- a/pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Requires CSIDriverRegistry feature gate (alpha in 1.12) -# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csinodeinfo.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: csidrivers.csi.storage.k8s.io - labels: - addonmanager.kubernetes.io/mode: Reconcile -spec: - version: v1alpha1 - group: csi.storage.k8s.io - names: - kind: CSIDriver - plural: csidrivers - scope: Cluster - validation: - openAPIV3Schema: - properties: - spec: - description: Specification of the CSI Driver. - properties: - attachRequired: - description: Indicates this CSI volume driver requires an attach operation, - and that Kubernetes should call attach and wait for any attach operation - to complete before proceeding to mount. - type: boolean - podInfoOnMountVersion: - description: Indicates this CSI volume driver requires additional pod - information (like podName, podUID, etc.) during mount operations. - type: string \ No newline at end of file diff --git a/pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml b/pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml deleted file mode 100644 index b0af9c9c..00000000 --- a/pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml +++ /dev/null @@ -1,160 +0,0 @@ -##### Node Service Account, Roles, RoleBindings -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-node-sa - namespace: kube-system ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: driver-registrar-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: driver-registrar-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: driver-registrar-role - apiGroup: rbac.authorization.k8s.io ---- -##### Controller Service Account, Roles, Rolebindings -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-controller-sa - namespace: kube-system ---- -# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-controller-provisioner-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- -# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-attacher-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["create", "get", "list", "watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-controller-attacher-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: external-attacher-role - apiGroup: rbac.authorization.k8s.io ---- -# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-snapshotter-role - namespace: kube-system -rules: -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] -- apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["watch", "get", "list"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["create"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-controller-snapshotter-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: external-snapshotter-role - apiGroup: rbac.authorization.k8s.io diff --git a/pkg/linode-bs/deploy/kubernetes/secret.yaml b/pkg/linode-bs/deploy/kubernetes/secret.yaml deleted file mode 100644 index 75e580f4..00000000 --- a/pkg/linode-bs/deploy/kubernetes/secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: linode - namespace: kube-system -stringData: - token: "deadbeefab1e1ead__REPLACE_ME____deadbeefab1e1ead" - region: "us-west" \ No newline at end of file diff --git a/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.2.1.yaml b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.2.1.yaml new file mode 100644 index 00000000..d0a1b07a --- /dev/null +++ b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.2.1.yaml @@ -0,0 +1,401 @@ +# pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml +##### Node Service Account, Roles, RoleBindings +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-node-sa + namespace: kube-system +--- +##### Controller Service Account, Roles, Rolebindings +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-controller-sa + namespace: kube-system +--- +# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-controller-provisioner-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-controller-attacher-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: linodebs.csi.linode.com +spec: + attachRequired: true + podInfoOnMount: true +--- +# pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: linode-block-storage + namespace: kube-system +provisioner: linodebs.csi.linode.com +allowVolumeExpansion: true +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: linode-block-storage-retain + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: linodebs.csi.linode.com +reclaimPolicy: Retain +allowVolumeExpansion: true +--- +# pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-linode-controller + namespace: kube-system + labels: + app: csi-linode-controller +spec: + serviceName: "csi-linode" + replicas: 1 + selector: + matchLabels: + app: csi-linode-controller + template: + metadata: + labels: + app: csi-linode-controller + role: csi-linode + spec: + serviceAccount: csi-controller-sa + initContainers: + - name: init + image: bitnami/kubectl:1.16.3-debian-10-r36 + command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: linode-info + mountPath: /linode-info + - name: get-linode-id + mountPath: /scripts + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + args: + - "--volume-name-prefix=pvc" + - "--volume-name-uuid-length=16" + - "--csi-address=$(ADDRESS)" + - "--v=2" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.2.0 + args: + - "--v=2" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: linode-csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.5.0 + args: + - "--v=2" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: linode-csi-plugin + image: linode/linode-blockstorage-csi-driver:v0.2.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(LINODE_TOKEN)" + - "--url=$(LINODE_API_URL)" + - "--node=$(NODE_NAME)" + - "--bs-prefix=$(LINODE_BS_PREFIX)" + - "--v=2" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: LINODE_BS_PREFIX + value: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + name: linode + key: token + imagePullPolicy: "Always" + volumeMounts: + - name: linode-info + mountPath: /linode-info + - name: get-linode-id + mountPath: /scripts + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: linode-info + emptyDir: {} + - name: get-linode-id + configMap: + name: get-linode-id + # octal mode 755 + defaultMode: 493 +--- +# pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-linode-node + namespace: kube-system + labels: + app: csi-linode-node +spec: + selector: + matchLabels: + app: csi-linode-node + template: + metadata: + labels: + app: csi-linode-node + role: csi-linode + spec: + serviceAccount: csi-node-sa + initContainers: + - name: init + image: bitnami/kubectl:1.16.3-debian-10-r36 + command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: linode-info + mountPath: /linode-info + - name: get-linode-id + mountPath: /scripts + hostNetwork: true + containers: + - name: csi-driver-registrar + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 + args: + - "--v=2" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: csi-linode-plugin + image: linode/linode-blockstorage-csi-driver:v0.2.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(LINODE_TOKEN)" + - "--url=$(LINODE_API_URL)" + - "--node=$(NODE_NAME)" + - "--v=2" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + name: linode + key: token + imagePullPolicy: "Always" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: linode-info + mountPath: /linode-info + - name: get-linode-id + mountPath: /scripts + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - mountPath: /dev + name: device-dir + volumes: + - name: linode-info + emptyDir: {} + - name: get-linode-id + configMap: + name: get-linode-id + defaultMode: 493 + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/linodebs.csi.linode.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + # The following mounts are required to trigger host udevadm from container + - name: udev-rules-etc + hostPath: + path: /etc/udev + type: Directory + - name: udev-rules-lib + hostPath: + path: /lib/udev + type: Directory + - name: udev-socket + hostPath: + path: /run/udev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory +--- +# pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: get-linode-id + namespace: kube-system + labels: + app: csi-linode +data: + get-linode-id.sh: |- + #!/bin/bash -efu + id="$(kubectl get node/"${NODE_NAME}" -o jsonpath='{.spec.providerID}')" + if [[ ! -z "${id}" ]]; then + echo "${id}" + echo -n "${id:9}" > /linode-info/linode-id + exit 0 + fi + echo "Provider ID not found" + # Exit here so that we wait for the CCM to initialize the provider ID + exit 1 diff --git a/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml index a6725d04..d0a1b07a 100644 --- a/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml +++ b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml @@ -1,93 +1,3 @@ -# pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml -# Requires CSINodeInfo feature gate (alpha in 1.12) -# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csidriver.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: csinodeinfos.csi.storage.k8s.io - labels: - addonmanager.kubernetes.io/mode: Reconcile -spec: - group: csi.storage.k8s.io - version: v1alpha1 - names: - kind: CSINodeInfo - plural: csinodeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - spec: - description: Specification of CSINodeInfo - properties: - drivers: - description: List of CSI drivers running on the node and their specs. - type: array - items: - properties: - name: - description: The CSI driver that this object refers to. - type: string - nodeID: - description: The node from the driver point of view. - type: string - topologyKeys: - description: List of keys supported by the driver. - items: - type: string - type: array - status: - description: Status of CSINodeInfo - properties: - drivers: - description: List of CSI drivers running on the node and their statuses. - type: array - items: - properties: - name: - description: The CSI driver that this object refers to. - type: string - available: - description: Whether the CSI driver is installed. - type: boolean - volumePluginMechanism: - description: Indicates to external components the required mechanism - to use for any in-tree plugins replaced by this driver. - pattern: in-tree|csi - type: string ---- -# pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml -# Requires CSIDriverRegistry feature gate (alpha in 1.12) -# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csinodeinfo.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: csidrivers.csi.storage.k8s.io - labels: - addonmanager.kubernetes.io/mode: Reconcile -spec: - version: v1alpha1 - group: csi.storage.k8s.io - names: - kind: CSIDriver - plural: csidrivers - scope: Cluster - validation: - openAPIV3Schema: - properties: - spec: - description: Specification of the CSI Driver. - properties: - attachRequired: - description: Indicates this CSI volume driver requires an attach operation, - and that Kubernetes should call attach and wait for any attach operation - to complete before proceeding to mount. - type: boolean - podInfoOnMountVersion: - description: Indicates this CSI volume driver requires additional pod - information (like podName, podUID, etc.) during mount operations. - type: string ---- # pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml ##### Node Service Account, Roles, RoleBindings apiVersion: v1 @@ -96,33 +6,6 @@ metadata: name: csi-node-sa namespace: kube-system --- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: driver-registrar-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: driver-registrar-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: driver-registrar-role - apiGroup: rbac.authorization.k8s.io ---- ##### Controller Service Account, Roles, Rolebindings apiVersion: v1 kind: ServiceAccount @@ -186,12 +69,12 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["create", "get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -207,57 +90,14 @@ roleRef: name: external-attacher-role apiGroup: rbac.authorization.k8s.io --- -# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-snapshotter-role - namespace: kube-system -rules: -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] -- apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -- apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["watch", "get", "list"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["create"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-controller-snapshotter-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: external-snapshotter-role - apiGroup: rbac.authorization.k8s.io ---- # pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml -apiVersion: csi.storage.k8s.io/v1alpha1 +apiVersion: storage.k8s.io/v1beta1 kind: CSIDriver metadata: name: linodebs.csi.linode.com spec: attachRequired: true - podInfoOnMountVersion: "v1" + podInfoOnMount: true --- # pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml kind: StorageClass @@ -317,7 +157,7 @@ spec: mountPath: /scripts containers: - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.1.0 + image: quay.io/k8scsi/csi-provisioner:v1.6.0 args: - "--volume-name-prefix=pvc" - "--volume-name-uuid-length=16" @@ -331,7 +171,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v1.1.0 + image: quay.io/k8scsi/csi-attacher:v2.2.0 args: - "--v=2" - "--csi-address=$(ADDRESS)" @@ -343,7 +183,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: linode-csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.1.0 + image: quay.io/k8scsi/csi-resizer:v0.5.0 args: - "--v=2" - "--csi-address=$(ADDRESS)" @@ -354,7 +194,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: linode-csi-plugin - image: linode/linode-blockstorage-csi-driver:v0.2.0 + image: linode/linode-blockstorage-csi-driver:v0.2.1 args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(LINODE_TOKEN)" @@ -433,14 +273,11 @@ spec: mountPath: /scripts hostNetwork: true containers: - - name: driver-registrar - image: quay.io/k8scsi/driver-registrar:v1.0-canary + - name: csi-driver-registrar + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 args: - "--v=2" - "--csi-address=$(ADDRESS)" - - "--mode=node-register" - - "--driver-requires-attachment=true" - - "--pod-info-mount-version=\"v1\"" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" env: - name: ADDRESS @@ -453,11 +290,11 @@ spec: fieldPath: spec.nodeName volumeMounts: - name: plugin-dir - mountPath: /csi/ + mountPath: /csi - name: registration-dir - mountPath: /registration/ + mountPath: /registration - name: csi-linode-plugin - image: linode/linode-blockstorage-csi-driver:v0.2.0 + image: linode/linode-blockstorage-csi-driver:v0.2.1 args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(LINODE_TOKEN)"