diff --git a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
index 7428d30..c08de2e 100644
--- a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
+++ b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
@@ -1,13 +1,12 @@
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
 name: csi-controller-attacher-binding
- namespace: kube-system
-subjects:
- - kind: ServiceAccount
- name: csi-controller-sa
- namespace: kube-system
 roleRef:
+ apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: external-attacher-role
- apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: kube-system
diff --git a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
index ec150d2..0afdda4 100644
--- a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
+++ b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
@@ -1,13 +1,12 @@
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
 name: csi-controller-provisioner-binding
- namespace: kube-system
-subjects:
- - kind: ServiceAccount
- name: csi-controller-sa
- namespace: kube-system
 roleRef:
+ apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: external-provisioner-role
- apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: kube-system
diff --git a/files/linode/driver-registrar-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
similarity index 56%
rename from files/linode/driver-registrar-binding-ClusterRoleBinding.yaml
rename to files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
index b1a11d0..831447f 100644
--- a/files/linode/driver-registrar-binding-ClusterRoleBinding.yaml
+++ b/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
@@ -1,13 +1,12 @@
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
- name: driver-registrar-binding
- namespace: kube-system
-subjects:
- - kind: ServiceAccount
- name: csi-node-sa
- namespace: kube-system
+ name: csi-controller-resizer-binding
 roleRef:
- kind: ClusterRole
- name: driver-registrar-role
 apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-resizer-role
+subjects:
+- kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: kube-system
diff --git a/files/linode/csi-controller-sa-ServiceAccount.yaml b/files/linode/csi-controller-sa-ServiceAccount.yaml
index ed6829b..43befaa 100644
--- a/files/linode/csi-controller-sa-ServiceAccount.yaml
+++ b/files/linode/csi-controller-sa-ServiceAccount.yaml
@@ -1,4 +1,3 @@
-##### Controller Service Account, Roles, Rolebindings
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/files/linode/csi-linode-controller-StatefulSet.yaml b/files/linode/csi-linode-controller-StatefulSet.yaml
index 8a5767e..353d2c1 100644
--- a/files/linode/csi-linode-controller-StatefulSet.yaml
+++ b/files/linode/csi-linode-controller-StatefulSet.yaml
@@ -1,117 +1,115 @@ -# pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml -kind: StatefulSet apiVersion: apps/v1 +kind: StatefulSet metadata: - name: csi-linode-controller - namespace: kube-system labels: app: csi-linode-controller + name: csi-linode-controller + namespace: kube-system spec: - serviceName: "csi-linode" replicas: 1 selector: matchLabels: app: csi-linode-controller + serviceName: csi-linode template: metadata: labels: app: csi-linode-controller role: csi-linode spec: - serviceAccount: csi-controller-sa - initContainers: - - name: init - image: bitnami/kubectl:1.16.3-debian-10-r36 - command: - - /scripts/get-linode-id.sh - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.1.0 - args: - - "--volume-name-prefix=pvc" - - "--volume-name-uuid-length=16" - - "--csi-address=$(ADDRESS)" - - "--v=2" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v1.1.0 - args: - - "--v=2" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: linode-csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.1.0 - args: - - "--v=2" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: linode-csi-plugin - image: linode/linode-blockstorage-csi-driver:v0.2.0 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--token=$(LINODE_TOKEN)" - - 
"--url=$(LINODE_API_URL)" - - "--node=$(NODE_NAME)" - - "--bs-prefix=$(LINODE_BS_PREFIX)" - - "--v=2" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LINODE_API_URL - value: https://api.linode.com/v4 - - name: LINODE_BS_PREFIX - value: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: LINODE_TOKEN - valueFrom: - secretKeyRef: - name: linode - key: token - imagePullPolicy: "Always" - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ + - args: + - --volume-name-prefix=pvc + - --volume-name-uuid-length=16 + - --csi-address=$(ADDRESS) + - --v=2 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + imagePullPolicy: Always + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-attacher:v2.2.0 + imagePullPolicy: Always + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-resizer:v0.5.0 + name: linode-csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --endpoint=$(CSI_ENDPOINT) + - --token=$(LINODE_TOKEN) + - --url=$(LINODE_API_URL) + - --node=$(NODE_NAME) + - --bs-prefix=$(LINODE_BS_PREFIX) + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: LINODE_BS_PREFIX + value: null + - name: NODE_NAME + valueFrom: + fieldRef: + 
fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + key: token + name: linode + image: linode/linode-blockstorage-csi-driver:v0.3.0 + imagePullPolicy: Always + name: linode-csi-plugin + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + initContainers: + - command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: bitnami/kubectl:1.16.3-debian-10-r36 + name: init + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + serviceAccount: csi-controller-sa volumes: - - name: socket-dir - emptyDir: {} - - name: linode-info - emptyDir: {} - - name: get-linode-id - configMap: - name: get-linode-id - # octal mode 755 - defaultMode: 493 + - emptyDir: {} + name: socket-dir + - emptyDir: {} + name: linode-info + - configMap: + defaultMode: 493 + name: get-linode-id + name: get-linode-id diff --git a/files/linode/csi-linode-node-DaemonSet.yaml b/files/linode/csi-linode-node-DaemonSet.yaml index 6f24f0d..ba2cbb3 100644 --- a/files/linode/csi-linode-node-DaemonSet.yaml +++ b/files/linode/csi-linode-node-DaemonSet.yaml @@ -1,11 +1,10 @@ -# pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml -kind: DaemonSet apiVersion: apps/v1 +kind: DaemonSet metadata: - name: csi-linode-node - namespace: kube-system labels: app: csi-linode-node + name: csi-linode-node + namespace: kube-system spec: selector: matchLabels: 
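Review bot: The `linode-csi-plugin` container still takes the API token as `--token=$(LINODE_TOKEN)`. Kubernetes expands `$(VAR)` references in `args` from the container's environment before the process starts, so the secret value ends up in the process command line instead of staying in the environment. Anything able to read the process list or `/proc/<pid>/cmdline` for that container can then recover the token; the same flag is present in the `csi-linode-plugin` container of the DaemonSet hunk. If the v0.3.0 driver reads the token from the `LINODE_TOKEN` variable that is already set (not verifiable from this diff), dropping the `- --token=$(LINODE_TOKEN)` argument would keep it out of argv. Otherwise a comment such as `# token is expanded into argv; restrict exec and debug access to this pod` above the `args` list would at least record the exposure.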
@@ -16,129 +15,124 @@ spec: app: csi-linode-node role: csi-linode spec: - serviceAccount: csi-node-sa - initContainers: - - name: init - image: bitnami/kubectl:1.16.3-debian-10-r36 - command: - - /scripts/get-linode-id.sh - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts - hostNetwork: true containers: - - name: driver-registrar - image: quay.io/k8scsi/driver-registrar:v1.0-canary - args: - - "--v=2" - - "--csi-address=$(ADDRESS)" - - "--mode=node-register" - - "--driver-requires-attachment=true" - - "--pod-info-mount-version=\"v1\"" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi/ - - name: registration-dir - mountPath: /registration/ - - name: csi-linode-plugin - image: linode/linode-blockstorage-csi-driver:v0.2.0 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--token=$(LINODE_TOKEN)" - - "--url=$(LINODE_API_URL)" - - "--node=$(NODE_NAME)" - - "--v=2" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: LINODE_API_URL - value: https://api.linode.com/v4 - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: LINODE_TOKEN - valueFrom: - secretKeyRef: - name: linode - key: token - imagePullPolicy: "Always" - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host 
machine. - mountPropagation: "Bidirectional" - - mountPath: /dev - name: device-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 + name: csi-node-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --endpoint=$(CSI_ENDPOINT) + - --token=$(LINODE_TOKEN) + - --url=$(LINODE_API_URL) + - --node=$(NODE_NAME) + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + key: token + name: linode + image: linode/linode-blockstorage-csi-driver:v0.3.0 + imagePullPolicy: Always + name: csi-linode-plugin + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + - mountPath: /csi + name: plugin-dir + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: pods-mount-dir + - mountPath: /dev + name: device-dir + hostNetwork: true + initContainers: + - command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: bitnami/kubectl:1.16.3-debian-10-r36 + name: init + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + serviceAccount: csi-node-sa volumes: - - name: linode-info - emptyDir: {} - - name: get-linode-id - configMap: - name: get-linode-id - defaultMode: 493 - 
- name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - - name: kubelet-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/linodebs.csi.linode.com - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: device-dir - hostPath: - path: /dev - # The following mounts are required to trigger host udevadm from container - - name: udev-rules-etc - hostPath: - path: /etc/udev - type: Directory - - name: udev-rules-lib - hostPath: - path: /lib/udev - type: Directory - - name: udev-socket - hostPath: - path: /run/udev - type: Directory - - name: sys - hostPath: - path: /sys - type: Directory + - emptyDir: {} + name: linode-info + - configMap: + defaultMode: 493 + name: get-linode-id + name: get-linode-id + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/linodebs.csi.linode.com + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: pods-mount-dir + - hostPath: + path: /dev + name: device-dir + - hostPath: + path: /etc/udev + type: Directory + name: udev-rules-etc + - hostPath: + path: /lib/udev + type: Directory + name: udev-rules-lib + - hostPath: + path: /run/udev + type: Directory + name: udev-socket + - hostPath: + path: /sys + type: Directory + name: sys diff --git a/files/linode/csi-node-sa-ServiceAccount.yaml b/files/linode/csi-node-sa-ServiceAccount.yaml index c04a804..f84a93e 100644 --- a/files/linode/csi-node-sa-ServiceAccount.yaml +++ b/files/linode/csi-node-sa-ServiceAccount.yaml 
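Review bot: Five `hostPath` volumes in the new `volumes` list (`kubelet-dir`, `udev-rules-etc`, `udev-rules-lib`, `udev-socket` and `sys`) are not referenced by any `volumeMounts` entry in the two containers or the init container shown in this hunk. They give the pod nothing and only widen the set of host paths an admission policy has to allow for it. Either remove them or mount them in `csi-linode-plugin`, read-only where the driver permits. The two explanatory comments this change drops are worth restoring, e.g. `# Bidirectional: mounts made by the plugin must propagate back to the host` above `mountPropagation`. In the same container `privileged: true` already implies `allowPrivilegeEscalation: true` and the `SYS_ADMIN` entry under `capabilities.add`, so those two settings can be deleted, leaving a single line to audit.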
@@ -1,5 +1,3 @@
-# pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml
-##### Node Service Account, Roles, RoleBindings
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml b/files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml
deleted file mode 100644
index 6d4456d..0000000
--- a/files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml
-# Requires CSIDriverRegistry feature gate (alpha in 1.12)
-# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csinodeinfo.yaml
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: csidrivers.csi.storage.k8s.io
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
-spec:
- version: v1alpha1
- group: csi.storage.k8s.io
- names:
- kind: CSIDriver
- plural: csidrivers
- scope: Cluster
- validation:
- openAPIV3Schema:
- properties:
- spec:
- description: Specification of the CSI Driver.
- properties:
- attachRequired:
- description: Indicates this CSI volume driver requires an attach operation,
- and that Kubernetes should call attach and wait for any attach operation
- to complete before proceeding to mount.
- type: boolean
- podInfoOnMountVersion:
- description: Indicates this CSI volume driver requires additional pod
- information (like podName, podUID, etc.) during mount operations.
- type: string
diff --git a/files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml b/files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml
deleted file mode 100644
index 0e0488f..0000000
--- a/files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml
-# Requires CSINodeInfo feature gate (alpha in 1.12)
-# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csidriver.yaml
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: csinodeinfos.csi.storage.k8s.io
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
-spec:
- group: csi.storage.k8s.io
- version: v1alpha1
- names:
- kind: CSINodeInfo
- plural: csinodeinfos
- scope: Cluster
- validation:
- openAPIV3Schema:
- properties:
- spec:
- description: Specification of CSINodeInfo
- properties:
- drivers:
- description: List of CSI drivers running on the node and their specs.
- type: array
- items:
- properties:
- name:
- description: The CSI driver that this object refers to.
- type: string
- nodeID:
- description: The node from the driver point of view.
- type: string
- topologyKeys:
- description: List of keys supported by the driver.
- items:
- type: string
- type: array
- status:
- description: Status of CSINodeInfo
- properties:
- drivers:
- description: List of CSI drivers running on the node and their statuses.
- type: array
- items:
- properties:
- name:
- description: The CSI driver that this object refers to.
- type: string
- available:
- description: Whether the CSI driver is installed.
- type: boolean
- volumePluginMechanism:
- description: Indicates to external components the required mechanism
- to use for any in-tree plugins replaced by this driver.
- pattern: in-tree|csi
- type: string
diff --git a/files/linode/driver-registrar-role-ClusterRole.yaml b/files/linode/driver-registrar-role-ClusterRole.yaml
deleted file mode 100644
index 669966d..0000000
--- a/files/linode/driver-registrar-role-ClusterRole.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: driver-registrar-role
- namespace: kube-system
-rules:
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["get", "list", "watch", "create", "update", "patch"]
- - apiGroups: [""]
- resources: ["nodes"]
- verbs: ["get", "list", "watch"]
diff --git a/files/linode/external-attacher-role-ClusterRole.yaml b/files/linode/external-attacher-role-ClusterRole.yaml
index 4393c9b..024ee5a 100644
--- a/files/linode/external-attacher-role-ClusterRole.yaml
+++ b/files/linode/external-attacher-role-ClusterRole.yaml
@@ -1,19 +1,33 @@
-# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
 name: external-attacher-role
- namespace: kube-system
 rules:
- - apiGroups: [""]
- resources: ["persistentvolumes"]
- verbs: ["get", "list", "watch", "update"]
- - apiGroups: [""]
- resources: ["nodes"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["csi.storage.k8s.io"]
- resources: ["csinodeinfos"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["volumeattachments"]
- verbs: ["create", "get", "list", "watch", "update"]
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
diff --git a/files/linode/external-provisioner-role-ClusterRole.yaml b/files/linode/external-provisioner-role-ClusterRole.yaml
index 610585b..7dea113 100644
--- a/files/linode/external-provisioner-role-ClusterRole.yaml
+++ b/files/linode/external-provisioner-role-ClusterRole.yaml
@@ -1,28 +1,72 @@
-# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
 name: external-provisioner-role
- namespace: kube-system
 rules:
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "list"]
- - apiGroups: [""]
- resources: ["persistentvolumes"]
- verbs: ["get", "list", "watch", "create", "delete", "patch"]
- - apiGroups: [""]
- resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"]
- verbs: ["get", "list", "watch", "update", "patch"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["list", "watch", "create", "update", "patch"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshots"]
- verbs: ["get", "list"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshotcontents"]
- verbs: ["get", "list"]
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/files/linode/external-resizer-role-ClusterRole.yaml b/files/linode/external-resizer-role-ClusterRole.yaml
new file mode 100644
index 0000000..3ce02a4
--- /dev/null
+++ b/files/linode/external-resizer-role-ClusterRole.yaml
@@ -0,0 +1,40 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-resizer-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
diff --git a/files/linode/external-snapshotter-role-ClusterRole.yaml b/files/linode/external-snapshotter-role-ClusterRole.yaml
deleted file mode 100644
index 397b3a0..0000000
--- a/files/linode/external-snapshotter-role-ClusterRole.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: external-snapshotter-role
- namespace: kube-system
-rules:
-- apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshotclasses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshotcontents"]
- verbs: ["create", "get", "list", "watch", "update", "delete"]
-- apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshots"]
- verbs: ["get", "list", "watch", "update"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["create", "list", "watch", "delete"]
-- apiGroups: [""]
- resources: ["events"]
- verbs: ["list", "watch", "create", "update", "patch"]
-- apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["watch", "get", "list"]
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs: ["create"]
diff --git a/files/linode/get-linode-id-ConfigMap.yaml b/files/linode/get-linode-id-ConfigMap.yaml
index 3663faa..8838a20 100644
--- a/files/linode/get-linode-id-ConfigMap.yaml
+++ b/files/linode/get-linode-id-ConfigMap.yaml
@@ -1,11 +1,4 @@
-# pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml
 apiVersion: v1
-kind: ConfigMap
-metadata:
- name: get-linode-id
- namespace: kube-system
- labels:
- app: csi-linode
 data:
 get-linode-id.sh: |-
 #!/bin/bash -efu
@@ -18,3 +11,9 @@ data:
 echo "Provider ID not found"
 # Exit here so that we wait for the CCM to initialize the provider ID
 exit 1
+kind: ConfigMap
+metadata:
+ labels:
+ app: csi-linode
+ name: get-linode-id
+ namespace: kube-system
diff --git a/files/linode/linode-block-storage-StorageClass.yaml b/files/linode/linode-block-storage-StorageClass.yaml
index 11596ba..25d38bc 100644
--- a/files/linode/linode-block-storage-StorageClass.yaml
+++ b/files/linode/linode-block-storage-StorageClass.yaml
@@ -1,8 +1,7 @@
-# pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml
-kind: StorageClass
+allowVolumeExpansion: true
 apiVersion: storage.k8s.io/v1
+kind: StorageClass
 metadata:
 name: linode-block-storage
 namespace: kube-system
 provisioner: linodebs.csi.linode.com
-allowVolumeExpansion: true
diff --git a/files/linode/linode-block-storage-retain-StorageClass.yaml b/files/linode/linode-block-storage-retain-StorageClass.yaml
index 0453438..7687392 100644
--- a/files/linode/linode-block-storage-retain-StorageClass.yaml
+++ b/files/linode/linode-block-storage-retain-StorageClass.yaml
@@ -1,8 +1,8 @@
-kind: StorageClass
+allowVolumeExpansion: true
 apiVersion: storage.k8s.io/v1
+kind: StorageClass
 metadata:
 name: linode-block-storage-retain
 namespace: kube-system
 provisioner: linodebs.csi.linode.com
 reclaimPolicy: Retain
-allowVolumeExpansion: true
diff --git a/files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml b/files/linode/linode-csi-binding-ClusterRoleBinding.yaml
similarity index 53%
rename from files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml
rename to files/linode/linode-csi-binding-ClusterRoleBinding.yaml
index a408a9d..cf46bbb 100644
--- a/files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml
+++ b/files/linode/linode-csi-binding-ClusterRoleBinding.yaml
@@ -1,13 +1,13 @@
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
- name: csi-controller-snapshotter-binding
+ name: linode-csi-binding
 namespace: kube-system
-subjects:
- - kind: ServiceAccount
- name: csi-controller-sa
- namespace: kube-system
 roleRef:
- kind: ClusterRole
- name: external-snapshotter-role
 apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: linode-csi-role
+subjects:
+- kind: ServiceAccount
+ name: csi-node-sa
+ namespace: kube-system
diff --git a/files/linode/linode-csi-role-ClusterRole.yaml b/files/linode/linode-csi-role-ClusterRole.yaml
new file mode 100644
index 0000000..62af7cf
--- /dev/null
+++ b/files/linode/linode-csi-role-ClusterRole.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: linode-csi-role
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/files/linode/linodebs.csi.linode.com-CSIDriver.yaml b/files/linode/linodebs.csi.linode.com-CSIDriver.yaml
index ad5217a..fdf29be 100644
--- a/files/linode/linodebs.csi.linode.com-CSIDriver.yaml
+++ b/files/linode/linodebs.csi.linode.com-CSIDriver.yaml
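Review bot: `namespace: kube-system` stays under `metadata` on the `linode-csi-binding` ClusterRoleBinding and is also set on the new `linode-csi-role` ClusterRole in the following file, while this commit removes the same field from the attacher and provisioner bindings and roles. Both kinds are cluster-scoped, so the field does not scope anything. Keeping it suggests the grant to `csi-node-sa` is confined to `kube-system`, when the `nodes` read access and `events` write access in `linode-csi-role` apply cluster-wide. Dropping the `namespace: kube-system` line from both `metadata` blocks would make these two files consistent with the rest of the change.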
@@ -1,8 +1,7 @@
-# pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml
-apiVersion: csi.storage.k8s.io/v1alpha1
+apiVersion: storage.k8s.io/v1beta1
 kind: CSIDriver
 metadata:
 name: linodebs.csi.linode.com
 spec:
 attachRequired: true
- podInfoOnMountVersion: "v1"
+ podInfoOnMount: true
diff --git a/vars/linode.yaml b/vars/linode.yaml
index b6314dc..052f232 100644
--- a/vars/linode.yaml
+++ b/vars/linode.yaml
@@ -1,20 +1,18 @@
 ---
 storage_linode_files_list:
- - "linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml"
- - "linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml"
- - "linode/csi-node-sa-ServiceAccount.yaml"
- - "linode/driver-registrar-role-ClusterRole.yaml"
- - "linode/driver-registrar-binding-ClusterRoleBinding.yaml"
- - "linode/csi-controller-sa-ServiceAccount.yaml"
- - "linode/external-provisioner-role-ClusterRole.yaml"
- - "linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml"
- - "linode/external-attacher-role-ClusterRole.yaml"
- - "linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml"
- - "linode/external-snapshotter-role-ClusterRole.yaml"
- - "linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml"
- - "linode/linodebs.csi.linode.com-CSIDriver.yaml"
 - "linode/linode-block-storage-StorageClass.yaml"
 - "linode/linode-block-storage-retain-StorageClass.yaml"
+ - "linode/csi-controller-sa-ServiceAccount.yaml"
+ - "linode/csi-node-sa-ServiceAccount.yaml"
+ - "linode/linode-csi-role-ClusterRole.yaml"
+ - "linode/external-attacher-role-ClusterRole.yaml"
+ - "linode/external-provisioner-role-ClusterRole.yaml"
+ - "linode/external-resizer-role-ClusterRole.yaml"
+ - "linode/linode-csi-binding-ClusterRoleBinding.yaml"
+ - "linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml"
+ - "linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml"
+ - "linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml"
+ - "linode/get-linode-id-ConfigMap.yaml"
 - "linode/csi-linode-controller-StatefulSet.yaml"
 - "linode/csi-linode-node-DaemonSet.yaml"
- - "linode/get-linode-id-ConfigMap.yaml"
+ - "linode/linodebs.csi.linode.com-CSIDriver.yaml"
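Review bot: Removing the snapshotter role and binding, the driver-registrar role and binding, and the two CRD manifests from `storage_linode_files_list` stops them being applied, but nothing visible in this diff deletes the corresponding objects from clusters that already have them. If the role applies this list without pruning (not shown here), an upgraded cluster keeps `csi-controller-sa` bound to `external-snapshotter-role`. Per the deleted file, that role allowed create and delete on `customresourcedefinitions` and create on `mutatingwebhookconfigurations`. A cleanup task driven by a companion list of manifests to remove would close that gap. A short comment above the list, such as `# objects dropped from this list must be deleted from existing clusters separately`, would make the limitation visible to the next editor.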