adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update linode from upstream
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2020-10-29 12:18:08 +01:00
parent f599c99ee8
commit 058d9bd8e1
21 changed files with 434 additions and 458 deletions
Download patch file Download diff file Expand all files Collapse all files

13
files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
View file

@ -1,13 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: metadata:
name: csi-controller-attacher-binding name: csi-controller-attacher-binding
namespace: kube-system
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: kube-system
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: external-attacher-role name: external-attacher-role
apiGroup: rbac.authorization.k8s.io subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: kube-system

13
files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
View file

@ -1,13 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: metadata:
name: csi-controller-provisioner-binding name: csi-controller-provisioner-binding
namespace: kube-system
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: kube-system
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: external-provisioner-role name: external-provisioner-role
apiGroup: rbac.authorization.k8s.io subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: kube-system

17
files/linode/driver-registrar-binding-ClusterRoleBinding.yaml → files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
View file

@ -1,13 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: metadata:
name: driver-registrar-binding name: csi-controller-resizer-binding
namespace: kube-system
subjects:
- kind: ServiceAccount
name: csi-node-sa
namespace: kube-system
roleRef: roleRef:
kind: ClusterRole
name: driver-registrar-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-resizer-role
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: kube-system

1
files/linode/csi-controller-sa-ServiceAccount.yaml
View file

@ -1,4 +1,3 @@
##### Controller Service Account, Roles, Rolebindings
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:

198
files/linode/csi-linode-controller-StatefulSet.yaml
View file

@ -1,117 +1,115 @@
# pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml
kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet
metadata: metadata:
name: csi-linode-controller
namespace: kube-system
labels: labels:
app: csi-linode-controller app: csi-linode-controller
name: csi-linode-controller
namespace: kube-system
spec: spec:
serviceName: "csi-linode"
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: csi-linode-controller app: csi-linode-controller
serviceName: csi-linode
template: template:
metadata: metadata:
labels: labels:
app: csi-linode-controller app: csi-linode-controller
role: csi-linode role: csi-linode
spec: spec:
serviceAccount: csi-controller-sa
initContainers:
- name: init
image: bitnami/kubectl:1.16.3-debian-10-r36
command:
- /scripts/get-linode-id.sh
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: linode-info
mountPath: /linode-info
- name: get-linode-id
mountPath: /scripts
containers: containers:
- name: csi-provisioner - args:
image: quay.io/k8scsi/csi-provisioner:v1.1.0 - --volume-name-prefix=pvc
args: - --volume-name-uuid-length=16
- "--volume-name-prefix=pvc" - --csi-address=$(ADDRESS)
- "--volume-name-uuid-length=16" - --v=2
- "--csi-address=$(ADDRESS)" env:
- "--v=2" - name: ADDRESS
env: value: /var/lib/csi/sockets/pluginproxy/csi.sock
- name: ADDRESS image: quay.io/k8scsi/csi-provisioner:v1.6.0
value: /var/lib/csi/sockets/pluginproxy/csi.sock imagePullPolicy: Always
imagePullPolicy: "Always" name: csi-provisioner
volumeMounts: volumeMounts:
- name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir
- name: csi-attacher - args:
image: quay.io/k8scsi/csi-attacher:v1.1.0 - --v=2
args: - --csi-address=$(ADDRESS)
- "--v=2" env:
- "--csi-address=$(ADDRESS)" - name: ADDRESS
env: value: /var/lib/csi/sockets/pluginproxy/csi.sock
- name: ADDRESS image: quay.io/k8scsi/csi-attacher:v2.2.0
value: /var/lib/csi/sockets/pluginproxy/csi.sock imagePullPolicy: Always
imagePullPolicy: "Always" name: csi-attacher
volumeMounts: volumeMounts:
- name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir
- name: linode-csi-resizer - args:
image: quay.io/k8scsi/csi-resizer:v0.1.0 - --v=2
args: - --csi-address=$(ADDRESS)
- "--v=2" env:
- "--csi-address=$(ADDRESS)" - name: ADDRESS
env: value: /var/lib/csi/sockets/pluginproxy/csi.sock
- name: ADDRESS image: quay.io/k8scsi/csi-resizer:v0.5.0
value: /var/lib/csi/sockets/pluginproxy/csi.sock name: linode-csi-resizer
volumeMounts: volumeMounts:
- name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir
- name: linode-csi-plugin - args:
image: linode/linode-blockstorage-csi-driver:v0.2.0 - --endpoint=$(CSI_ENDPOINT)
args : - --token=$(LINODE_TOKEN)
- "--endpoint=$(CSI_ENDPOINT)" - --url=$(LINODE_API_URL)
- "--token=$(LINODE_TOKEN)" - --node=$(NODE_NAME)
- "--url=$(LINODE_API_URL)" - --bs-prefix=$(LINODE_BS_PREFIX)
- "--node=$(NODE_NAME)" - --v=2
- "--bs-prefix=$(LINODE_BS_PREFIX)" env:
- "--v=2" - name: CSI_ENDPOINT
env: value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: CSI_ENDPOINT - name: LINODE_API_URL
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock value: https://api.linode.com/v4
- name: LINODE_API_URL - name: LINODE_BS_PREFIX
value: https://api.linode.com/v4 value: null
- name: LINODE_BS_PREFIX - name: NODE_NAME
value: valueFrom:
- name: NODE_NAME fieldRef:
valueFrom: fieldPath: spec.nodeName
fieldRef: - name: LINODE_TOKEN
fieldPath: spec.nodeName valueFrom:
- name: LINODE_TOKEN secretKeyRef:
valueFrom: key: token
secretKeyRef: name: linode
name: linode image: linode/linode-blockstorage-csi-driver:v0.3.0
key: token imagePullPolicy: Always
imagePullPolicy: "Always" name: linode-csi-plugin
volumeMounts: volumeMounts:
- name: linode-info - mountPath: /linode-info
mountPath: /linode-info name: linode-info
- name: get-linode-id - mountPath: /scripts
mountPath: /scripts name: get-linode-id
- name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir
initContainers:
- command:
- /scripts/get-linode-id.sh
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: bitnami/kubectl:1.16.3-debian-10-r36
name: init
volumeMounts:
- mountPath: /linode-info
name: linode-info
- mountPath: /scripts
name: get-linode-id
serviceAccount: csi-controller-sa
volumes: volumes:
- name: socket-dir - emptyDir: {}
emptyDir: {} name: socket-dir
- name: linode-info - emptyDir: {}
emptyDir: {} name: linode-info
- name: get-linode-id - configMap:
configMap: defaultMode: 493
name: get-linode-id name: get-linode-id
# octal mode 755 name: get-linode-id
defaultMode: 493

250
files/linode/csi-linode-node-DaemonSet.yaml
View file

@ -1,11 +1,10 @@
# pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml
kind: DaemonSet
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet
metadata: metadata:
name: csi-linode-node
namespace: kube-system
labels: labels:
app: csi-linode-node app: csi-linode-node
name: csi-linode-node
namespace: kube-system
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -16,129 +15,124 @@ spec:
app: csi-linode-node app: csi-linode-node
role: csi-linode role: csi-linode
spec: spec:
serviceAccount: csi-node-sa
initContainers:
- name: init
image: bitnami/kubectl:1.16.3-debian-10-r36
command:
- /scripts/get-linode-id.sh
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: linode-info
mountPath: /linode-info
- name: get-linode-id
mountPath: /scripts
hostNetwork: true
containers: containers:
- name: driver-registrar - args:
image: quay.io/k8scsi/driver-registrar:v1.0-canary - --v=2
args: - --csi-address=$(ADDRESS)
- "--v=2" - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- "--csi-address=$(ADDRESS)" env:
- "--mode=node-register" - name: ADDRESS
- "--driver-requires-attachment=true" value: /csi/csi.sock
- "--pod-info-mount-version=\"v1\"" - name: DRIVER_REG_SOCK_PATH
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock
env: - name: KUBE_NODE_NAME
- name: ADDRESS valueFrom:
value: /csi/csi.sock fieldRef:
- name: DRIVER_REG_SOCK_PATH fieldPath: spec.nodeName
value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0
- name: KUBE_NODE_NAME name: csi-node-driver-registrar
valueFrom: volumeMounts:
fieldRef: - mountPath: /csi
fieldPath: spec.nodeName name: plugin-dir
volumeMounts: - mountPath: /registration
- name: plugin-dir name: registration-dir
mountPath: /csi/ - args:
- name: registration-dir - --endpoint=$(CSI_ENDPOINT)
mountPath: /registration/ - --token=$(LINODE_TOKEN)
- name: csi-linode-plugin - --url=$(LINODE_API_URL)
image: linode/linode-blockstorage-csi-driver:v0.2.0 - --node=$(NODE_NAME)
args : - --v=2
- "--endpoint=$(CSI_ENDPOINT)" env:
- "--token=$(LINODE_TOKEN)" - name: CSI_ENDPOINT
- "--url=$(LINODE_API_URL)" value: unix:///csi/csi.sock
- "--node=$(NODE_NAME)" - name: LINODE_API_URL
- "--v=2" value: https://api.linode.com/v4
env: - name: NODE_NAME
- name: CSI_ENDPOINT valueFrom:
value: unix:///csi/csi.sock fieldRef:
- name: LINODE_API_URL fieldPath: spec.nodeName
value: https://api.linode.com/v4 - name: LINODE_TOKEN
- name: NODE_NAME valueFrom:
valueFrom: secretKeyRef:
fieldRef: key: token
fieldPath: spec.nodeName name: linode
- name: LINODE_TOKEN image: linode/linode-blockstorage-csi-driver:v0.3.0
valueFrom: imagePullPolicy: Always
secretKeyRef: name: csi-linode-plugin
name: linode securityContext:
key: token allowPrivilegeEscalation: true
imagePullPolicy: "Always" capabilities:
securityContext: add:
privileged: true - SYS_ADMIN
capabilities: privileged: true
add: ["SYS_ADMIN"] volumeMounts:
allowPrivilegeEscalation: true - mountPath: /linode-info
volumeMounts: name: linode-info
- name: linode-info - mountPath: /scripts
mountPath: /linode-info name: get-linode-id
- name: get-linode-id - mountPath: /csi
mountPath: /scripts name: plugin-dir
- name: plugin-dir - mountPath: /var/lib/kubelet
mountPath: /csi mountPropagation: Bidirectional
- name: pods-mount-dir name: pods-mount-dir
mountPath: /var/lib/kubelet - mountPath: /dev
# needed so that any mounts setup inside this container are name: device-dir
# propagated back to the host machine. hostNetwork: true
mountPropagation: "Bidirectional" initContainers:
- mountPath: /dev - command:
name: device-dir - /scripts/get-linode-id.sh
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: bitnami/kubectl:1.16.3-debian-10-r36
name: init
volumeMounts:
- mountPath: /linode-info
name: linode-info
- mountPath: /scripts
name: get-linode-id
serviceAccount: csi-node-sa
volumes: volumes:
- name: linode-info - emptyDir: {}
emptyDir: {} name: linode-info
- name: get-linode-id - configMap:
configMap: defaultMode: 493
name: get-linode-id name: get-linode-id
defaultMode: 493 name: get-linode-id
- name: registration-dir - hostPath:
hostPath: path: /var/lib/kubelet/plugins_registry/
path: /var/lib/kubelet/plugins_registry/ type: DirectoryOrCreate
type: DirectoryOrCreate name: registration-dir
- name: kubelet-dir - hostPath:
hostPath: path: /var/lib/kubelet
path: /var/lib/kubelet type: Directory
type: Directory name: kubelet-dir
- name: plugin-dir - hostPath:
hostPath: path: /var/lib/kubelet/plugins/linodebs.csi.linode.com
path: /var/lib/kubelet/plugins/linodebs.csi.linode.com type: DirectoryOrCreate
type: DirectoryOrCreate name: plugin-dir
- name: pods-mount-dir - hostPath:
hostPath: path: /var/lib/kubelet
path: /var/lib/kubelet type: Directory
type: Directory name: pods-mount-dir
- name: device-dir - hostPath:
hostPath: path: /dev
path: /dev name: device-dir
# The following mounts are required to trigger host udevadm from container - hostPath:
- name: udev-rules-etc path: /etc/udev
hostPath: type: Directory
path: /etc/udev name: udev-rules-etc
type: Directory - hostPath:
- name: udev-rules-lib path: /lib/udev
hostPath: type: Directory
path: /lib/udev name: udev-rules-lib
type: Directory - hostPath:
- name: udev-socket path: /run/udev
hostPath: type: Directory
path: /run/udev name: udev-socket
type: Directory - hostPath:
- name: sys path: /sys
hostPath: type: Directory
path: /sys name: sys
type: Directory

2
files/linode/csi-node-sa-ServiceAccount.yaml
View file

@ -1,5 +1,3 @@
# pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml
##### Node Service Account, Roles, RoleBindings
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:

31
files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml
View file

@ -1,31 +0,0 @@
# pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml
# Requires CSIDriverRegistry feature gate (alpha in 1.12)
# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csinodeinfo.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: csidrivers.csi.storage.k8s.io
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
version: v1alpha1
group: csi.storage.k8s.io
names:
kind: CSIDriver
plural: csidrivers
scope: Cluster
validation:
openAPIV3Schema:
properties:
spec:
description: Specification of the CSI Driver.
properties:
attachRequired:
description: Indicates this CSI volume driver requires an attach operation,
and that Kubernetes should call attach and wait for any attach operation
to complete before proceeding to mount.
type: boolean
podInfoOnMountVersion:
description: Indicates this CSI volume driver requires additional pod
information (like podName, podUID, etc.) during mount operations.
type: string

57
files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml
View file

@ -1,57 +0,0 @@
# pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml
# Requires CSINodeInfo feature gate (alpha in 1.12)
# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csidriver.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: csinodeinfos.csi.storage.k8s.io
labels:
addonmanager.kubernetes.io/mode: Reconcile
spec:
group: csi.storage.k8s.io
version: v1alpha1
names:
kind: CSINodeInfo
plural: csinodeinfos
scope: Cluster
validation:
openAPIV3Schema:
properties:
spec:
description: Specification of CSINodeInfo
properties:
drivers:
description: List of CSI drivers running on the node and their specs.
type: array
items:
properties:
name:
description: The CSI driver that this object refers to.
type: string
nodeID:
description: The node from the driver point of view.
type: string
topologyKeys:
description: List of keys supported by the driver.
items:
type: string
type: array
status:
description: Status of CSINodeInfo
properties:
drivers:
description: List of CSI drivers running on the node and their statuses.
type: array
items:
properties:
name:
description: The CSI driver that this object refers to.
type: string
available:
description: Whether the CSI driver is installed.
type: boolean
volumePluginMechanism:
description: Indicates to external components the required mechanism
to use for any in-tree plugins replaced by this driver.
pattern: in-tree|csi
type: string

12
files/linode/driver-registrar-role-ClusterRole.yaml
View file

@ -1,12 +0,0 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: driver-registrar-role
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]

44
files/linode/external-attacher-role-ClusterRole.yaml
View file

@ -1,19 +1,33 @@
# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: metadata:
name: external-attacher-role name: external-attacher-role
namespace: kube-system
rules: rules:
- apiGroups: [""] - apiGroups:
resources: ["persistentvolumes"] - ""
verbs: ["get", "list", "watch", "update"] resources:
- apiGroups: [""] - persistentvolumes
resources: ["nodes"] verbs:
verbs: ["get", "list", "watch"] - get
- apiGroups: ["csi.storage.k8s.io"] - list
resources: ["csinodeinfos"] - watch
verbs: ["get", "list", "watch"] - update
- apiGroups: ["storage.k8s.io"] - patch
resources: ["volumeattachments"] - apiGroups:
verbs: ["create", "get", "list", "watch", "update"] - storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- update
- patch

92
files/linode/external-provisioner-role-ClusterRole.yaml
View file

@ -1,28 +1,72 @@
# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: metadata:
name: external-provisioner-role name: external-provisioner-role
namespace: kube-system
rules: rules:
- apiGroups: [""] - apiGroups:
resources: ["secrets"] - ""
verbs: ["get", "list"] resources:
- apiGroups: [""] - persistentvolumes
resources: ["persistentvolumes"] verbs:
verbs: ["get", "list", "watch", "create", "delete", "patch"] - get
- apiGroups: [""] - list
resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"] - watch
verbs: ["get", "list", "watch", "update", "patch"] - create
- apiGroups: ["storage.k8s.io"] - delete
resources: ["storageclasses"] - apiGroups:
verbs: ["get", "list", "watch"] - ""
- apiGroups: [""] resources:
resources: ["events"] - persistentvolumeclaims
verbs: ["list", "watch", "create", "update", "patch"] verbs:
- apiGroups: ["snapshot.storage.k8s.io"] - get
resources: ["volumesnapshots"] - list
verbs: ["get", "list"] - watch
- apiGroups: ["snapshot.storage.k8s.io"] - update
resources: ["volumesnapshotcontents"] - apiGroups:
verbs: ["get", "list"] - storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch

40
files/linode/external-resizer-role-ClusterRole.yaml Normal file
View file

@ -0,0 +1,40 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-resizer-role
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch

28
files/linode/external-snapshotter-role-ClusterRole.yaml
View file

@ -1,28 +0,0 @@
# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-snapshotter-role
namespace: kube-system
rules:
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["watch", "get", "list"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["create"]

13
files/linode/get-linode-id-ConfigMap.yaml
View file

@ -1,11 +1,4 @@
# pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml
apiVersion: v1 apiVersion: v1
kind: ConfigMap
metadata:
name: get-linode-id
namespace: kube-system
labels:
app: csi-linode
data: data:
get-linode-id.sh: |- get-linode-id.sh: |-
#!/bin/bash -efu #!/bin/bash -efu
@ -18,3 +11,9 @@ data:
echo "Provider ID not found" echo "Provider ID not found"
# Exit here so that we wait for the CCM to initialize the provider ID # Exit here so that we wait for the CCM to initialize the provider ID
exit 1 exit 1
kind: ConfigMap
metadata:
labels:
app: csi-linode
name: get-linode-id
namespace: kube-system

5
files/linode/linode-block-storage-StorageClass.yaml
View file

@ -1,8 +1,7 @@
# pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml allowVolumeExpansion: true
kind: StorageClass
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata: metadata:
name: linode-block-storage name: linode-block-storage
namespace: kube-system namespace: kube-system
provisioner: linodebs.csi.linode.com provisioner: linodebs.csi.linode.com
allowVolumeExpansion: true

4
files/linode/linode-block-storage-retain-StorageClass.yaml
View file

@ -1,8 +1,8 @@
kind: StorageClass allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata: metadata:
name: linode-block-storage-retain name: linode-block-storage-retain
namespace: kube-system namespace: kube-system
provisioner: linodebs.csi.linode.com provisioner: linodebs.csi.linode.com
reclaimPolicy: Retain reclaimPolicy: Retain
allowVolumeExpansion: true

16
files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml → files/linode/linode-csi-binding-ClusterRoleBinding.yaml
View file

@ -1,13 +1,13 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: metadata:
name: csi-controller-snapshotter-binding name: linode-csi-binding
namespace: kube-system namespace: kube-system
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: kube-system
roleRef: roleRef:
kind: ClusterRole
name: external-snapshotter-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: linode-csi-role
subjects:
- kind: ServiceAccount
name: csi-node-sa
namespace: kube-system

25
files/linode/linode-csi-role-ClusterRole.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: linode-csi-role
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch

5
files/linode/linodebs.csi.linode.com-CSIDriver.yaml
View file

@ -1,8 +1,7 @@
# pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml apiVersion: storage.k8s.io/v1beta1
apiVersion: csi.storage.k8s.io/v1alpha1
kind: CSIDriver kind: CSIDriver
metadata: metadata:
name: linodebs.csi.linode.com name: linodebs.csi.linode.com
spec: spec:
attachRequired: true attachRequired: true
podInfoOnMountVersion: "v1" podInfoOnMount: true

26
vars/linode.yaml
View file

@ -1,20 +1,18 @@
--- ---
storage_linode_files_list: storage_linode_files_list:
- "linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml"
- "linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml"
- "linode/csi-node-sa-ServiceAccount.yaml"
- "linode/driver-registrar-role-ClusterRole.yaml"
- "linode/driver-registrar-binding-ClusterRoleBinding.yaml"
- "linode/csi-controller-sa-ServiceAccount.yaml"
- "linode/external-provisioner-role-ClusterRole.yaml"
- "linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml"
- "linode/external-attacher-role-ClusterRole.yaml"
- "linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml"
- "linode/external-snapshotter-role-ClusterRole.yaml"
- "linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml"
- "linode/linodebs.csi.linode.com-CSIDriver.yaml"
- "linode/linode-block-storage-StorageClass.yaml" - "linode/linode-block-storage-StorageClass.yaml"
- "linode/linode-block-storage-retain-StorageClass.yaml" - "linode/linode-block-storage-retain-StorageClass.yaml"
- "linode/csi-controller-sa-ServiceAccount.yaml"
- "linode/csi-node-sa-ServiceAccount.yaml"
- "linode/linode-csi-role-ClusterRole.yaml"
- "linode/external-attacher-role-ClusterRole.yaml"
- "linode/external-provisioner-role-ClusterRole.yaml"
- "linode/external-resizer-role-ClusterRole.yaml"
- "linode/linode-csi-binding-ClusterRoleBinding.yaml"
- "linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml"
- "linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml"
- "linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml"
- "linode/get-linode-id-ConfigMap.yaml"
- "linode/csi-linode-controller-StatefulSet.yaml" - "linode/csi-linode-controller-StatefulSet.yaml"
- "linode/csi-linode-node-DaemonSet.yaml" - "linode/csi-linode-node-DaemonSet.yaml"
- "linode/get-linode-id-ConfigMap.yaml" - "linode/linodebs.csi.linode.com-CSIDriver.yaml"