diff --git a/bin/update.sh b/bin/update.sh index 182b12a..0e03dad 100755 --- a/bin/update.sh +++ b/bin/update.sh 
@@ -25,18 +25,24 @@ mv files/linode{,.old} mv generated files/linode cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "linode/\2"|' sed -e /is-default-class/d -e /annotations/d -i files/linode/linode-block-storage-StorageClass.yaml +sed -e /is-default-class/d -e /annotations/d -i files/linode/linode-block-storage-retain-StorageClass.yaml rm -fr files/linode.old generated.log linode-blockstorage-csi-driver.yaml -wget https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-latest.yaml -kubernetes-split-yaml csi-digitalocean-latest.yaml > generated.log +DO_CSI_VERSION=2.0.0 mv files/digitalocean{,.old} -mv generated files/digitalocean -cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "digitalocean/\2"|' +mkdir files/digitalocean +for FICHIER in crds.yaml driver.yaml snapshot-controller.yaml; do + wget https://github.com/digitalocean/csi-digitalocean/raw/master/deploy/kubernetes/releases/csi-digitalocean-v${DO_CSI_VERSION}/$FICHIER + kubernetes-split-yaml $FICHIER >> generated.log + mv generated/* files/digitalocean/ + cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "digitalocean/\2"|' + rm -f $FICHIER generated.log +done for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass.yaml; do sed -e /is-default-class/d -e /annotations/d -i files/digitalocean/"$i" done -rm -fr files/digitalocean.old generated.log csi-digitalocean-latest.yaml +rm -fr files/digitalocean.old #https://github.com/scaleway/scaleway-csi 
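Review bot: The `wget` in the new `for FICHIER` loop fetches manifests from the mutable `master` ref with no integrity check, and its failure is not handled. `files/digitalocean` has already been moved to `.old`, and the `rm -fr files/digitalocean.old` at the end of the hunk runs regardless, so a failed or partial download leaves the directory incomplete with the previous copy gone. Because these manifests carry cluster-wide RBAC and a host-mounting DaemonSet, I would fetch from an immutable tag or commit and check a committed hash before splitting, e.g. `wget -O "$FICHIER" "<url-pinned-to-tag-or-commit>/$FICHIER" || exit 1` then `sha256sum -c "<checked-in-checksum-file>" || exit 1` (both bracketed values are placeholders). `$FICHIER` should be double-quoted everywhere in the loop, and `mv generated/* files/digitalocean/` needs the same `|| exit 1`. Whether the script already runs under `set -e` is not visible from this hunk.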
diff --git a/files/digitalocean/csi-do-controller-StatefulSet.yaml b/files/digitalocean/csi-do-controller-StatefulSet.yaml index 2ae0d52..93997b9 100644 --- a/files/digitalocean/csi-do-controller-StatefulSet.yaml +++ b/files/digitalocean/csi-do-controller-StatefulSet.yaml @@ -26,7 +26,7 @@ spec: serviceAccount: csi-do-controller-sa containers: - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.4.0 + image: quay.io/k8scsi/csi-provisioner:v1.6.0 args: - "--csi-address=$(ADDRESS)" - "--v=5" @@ -38,10 +38,10 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v2.0.0 + image: quay.io/k8scsi/csi-attacher:v2.2.0 args: - - "--v=5" - "--csi-address=$(ADDRESS)" + - "--v=5" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -50,9 +50,10 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-snapshotter - image: quay.io/k8scsi/csi-snapshotter:v1.2.2 + image: quay.io/k8scsi/csi-snapshotter:v2.1.1 args: - "--csi-address=$(ADDRESS)" + - "--v=5" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -61,11 +62,11 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.3.0 + image: quay.io/k8scsi/csi-resizer:v0.5.0 args: - - "--v=5" - "--csi-address=$(ADDRESS)" - "--csiTimeout=30s" + - "--v=5" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -74,7 +75,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-do-plugin - image: digitalocean/do-csi-plugin:dev + image: digitalocean/do-csi-plugin:v2.0.0 args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" @@ -96,3 +97,4 @@ spec: volumes: - name: socket-dir emptyDir: {} + diff --git a/files/digitalocean/csi-do-node-DaemonSet.yaml b/files/digitalocean/csi-do-node-DaemonSet.yaml index 232349b..6b2d805 100644 
--- a/files/digitalocean/csi-do-node-DaemonSet.yaml +++ b/files/digitalocean/csi-do-node-DaemonSet.yaml @@ -23,6 +23,19 @@ spec: priorityClassName: system-node-critical serviceAccount: csi-do-node-sa hostNetwork: true + initContainers: + # Delete automount udev rule running on all DO droplets. The rule mounts + # devices briefly and may conflict with CSI-managed droplets (leading to + # "resource busy" errors). We can safely delete it in DOKS. + - name: automount-udev-deleter + image: alpine:3 + args: + - "rm" + - "-f" + - "/etc/udev/rules.d/99-digitalocean-automount.rules" + volumeMounts: + - name: udev-rules-dir + mountPath: /etc/udev/rules.d/ containers: - name: csi-node-driver-registrar image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 @@ -49,7 +62,7 @@ spec: - name: registration-dir mountPath: /registration/ - name: csi-do-plugin - image: digitalocean/do-csi-plugin:dev + image: digitalocean/do-csi-plugin:v2.0.0 args : - "--endpoint=$(CSI_ENDPOINT)" - "--url=$(DIGITALOCEAN_API_URL)" @@ -90,3 +103,6 @@ spec: - name: device-dir hostPath: path: /dev + - name: udev-rules-dir + hostPath: + path: /etc/udev/rules.d/ diff --git a/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml b/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml index d2de05b..c0a5abb 100644 --- a/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml +++ b/files/digitalocean/csi-do-provisioner-role-ClusterRole.yaml @@ -15,9 +15,6 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] @@ -27,7 +24,4 @@ rules: - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] 
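Review bot: The `automount-udev-deleter` init container added in the first hunk of csi-do-node-DaemonSet.yaml gets a writable `hostPath` mount of the node's `/etc/udev/rules.d/` while running the floating `alpine:3` tag with no `securityContext` in the added lines, so whatever that tag resolves to at pull time can write udev rules on every node. I would pin the image by digest (`image: alpine:3@sha256:<digest>`, digest to be filled in), add `securityContext: { allowPrivilegeEscalation: false, readOnlyRootFilesystem: true }` to that container, and put `type: Directory` on the `udev-rules-dir` hostPath in the last hunk. The upstream comment only claims the deletion is safe "in DOKS", which should be confirmed for the droplets this repository actually targets. Since the file is produced by bin/update.sh, the hardening has to be applied there or upstream, otherwise the next update overwrites it. The pod spec continues outside these hunks, so a pod-level security context may exist that is not visible here.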
diff --git a/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml b/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml index 75e5f3c..bc61fed 100644 --- a/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml +++ b/files/digitalocean/csi-do-snapshotter-role-ClusterRole.yaml @@ -1,24 +1,14 @@ +# Snapshotter sidecar + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-do-snapshotter-role rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] verbs: ["get", "list", "watch"] @@ -26,12 +16,6 @@ rules: resources: ["volumesnapshotcontents"] verbs: ["create", "get", "list", "watch", "update", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] + resources: ["volumesnapshotcontents/status"] verbs: ["update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete", "get", "update"] diff --git a/files/digitalocean/do-block-storage-StorageClass.yaml b/files/digitalocean/do-block-storage-StorageClass.yaml index 4e0feab..ae8ea47 100644 --- a/files/digitalocean/do-block-storage-StorageClass.yaml +++ b/files/digitalocean/do-block-storage-StorageClass.yaml 
@@ -3,7 +3,6 @@ kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: do-block-storage - namespace: kube-system provisioner: dobs.csi.digitalocean.com allowVolumeExpansion: true diff --git a/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml b/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml index af20b64..017b9e7 100644 --- a/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml +++ b/files/digitalocean/do-block-storage-VolumeSnapshotClass.yaml @@ -1,8 +1,8 @@ kind: VolumeSnapshotClass -apiVersion: snapshot.storage.k8s.io/v1alpha1 +apiVersion: snapshot.storage.k8s.io/v1beta1 metadata: name: do-block-storage - namespace: kube-system -snapshotter: dobs.csi.digitalocean.com +driver: dobs.csi.digitalocean.com +deletionPolicy: Delete diff --git a/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml b/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml index e683f48..0807d86 100644 --- a/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml +++ b/files/digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml @@ -12,14 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Configuration to deploy release version of the CSI DigitalOcean -# plugin (https://github.com/digitalocean/csi-digitalocean) compatible with -# Kubernetes >=v1.14+ -# -# example usage: kubectl create -f -# - -# This file is only for development use. Do not use in production. # Install the CSI Driver. This simplifies driver discovery and enables us to # customize Kubernetes behavior diff --git a/files/digitalocean/snapshot-controller-ServiceAccount.yaml b/files/digitalocean/snapshot-controller-ServiceAccount.yaml new file mode 100644 index 0000000..d6348cf --- /dev/null +++ b/files/digitalocean/snapshot-controller-ServiceAccount.yaml @@ -0,0 +1,7 @@ + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: snapshot-controller + namespace: kube-system + 
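Review bot: The switch to `apiVersion: snapshot.storage.k8s.io/v1beta1` in do-block-storage-VolumeSnapshotClass.yaml comes with no upgrade note for clusters that already have the `v1alpha1` snapshot CRDs and objects installed. As far as I know the beta snapshot API is not backward-compatible with alpha, so the old CRDs and snapshot objects have to be removed before these manifests apply cleanly; that step belongs in the README or the role's documentation. Separately, the added `deletionPolicy: Delete` means the backing snapshot is destroyed together with its VolumeSnapshot object (the CRD description in this same commit says so). If retained snapshots are expected anywhere, a second class with `deletionPolicy: Retain` would be needed, analogous to the linode `retain` StorageClass handled in bin/update.sh.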
diff --git a/files/digitalocean/snapshot-controller-StatefulSet.yaml b/files/digitalocean/snapshot-controller-StatefulSet.yaml new file mode 100644 index 0000000..644adb5 --- /dev/null +++ b/files/digitalocean/snapshot-controller-StatefulSet.yaml @@ -0,0 +1,44 @@ +# Copyright 2020 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# +# snapshotter controller +# source: # Source: https://github.com/kubernetes-csi/external-snapshotter +# + +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: snapshot-controller + namespace: kube-system +spec: + serviceName: "snapshot-controller" + replicas: 1 + selector: + matchLabels: + app: snapshot-controller + template: + metadata: + labels: + app: snapshot-controller + spec: + serviceAccount: snapshot-controller + containers: + - name: snapshot-controller + image: quay.io/k8scsi/snapshot-controller:v2.1.1 + args: + - "--v=5" + imagePullPolicy: IfNotPresent + diff --git a/files/digitalocean/snapshot-controller-binding-ClusterRoleBinding.yaml b/files/digitalocean/snapshot-controller-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..d8bb138 --- /dev/null +++ b/files/digitalocean/snapshot-controller-binding-ClusterRoleBinding.yaml 
@@ -0,0 +1,13 @@ + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: snapshot-controller-binding +subjects: + - kind: ServiceAccount + name: snapshot-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: snapshot-controller-role + apiGroup: rbac.authorization.k8s.io diff --git a/files/digitalocean/snapshot-controller-role-ClusterRole.yaml b/files/digitalocean/snapshot-controller-role-ClusterRole.yaml new file mode 100644 index 0000000..b634996 --- /dev/null +++ b/files/digitalocean/snapshot-controller-role-ClusterRole.yaml @@ -0,0 +1,31 @@ + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: snapshot-controller-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + diff --git a/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml b/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml index f322cbf..6e3b583 100644 --- a/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml 
+++ b/files/digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml @@ -1,3 +1,17 @@ +# Copyright 2020 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + ############################################## ########### ############ 
@@ -5,24 +19,90 @@ ########### ############ ############################################## # -# The following CRD's are created by the csi-snapshotter, however it -# complicates installing a driver, because we're not able to install a custom -# VolumeSnapshotClass until the csi-snapshotter sidecar is up and running. We -# pulled out the CRD's and put them here to simplify the installation for the -# users. Make sure these are up to date with the original ones whenever we -# release a new version: https://github.com/kubernetes-csi/external-snapshotter/blob/master/cmd/csi-snapshotter/create_crd.go +# Source: https://github.com/kubernetes-csi/external-snapshotter +# apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null name: volumesnapshotclasses.snapshot.storage.k8s.io spec: + additionalPrinterColumns: + - JSONPath: .driver + name: Driver + type: string + - JSONPath: .deletionPolicy + description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass + should be deleted when its bound VolumeSnapshot is deleted. + name: DeletionPolicy + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date group: snapshot.storage.k8s.io names: kind: VolumeSnapshotClass + listKind: VolumeSnapshotClassList plural: volumesnapshotclasses + singular: volumesnapshotclass + preserveUnknownFields: false scope: Cluster - version: v1alpha1 - subresources: - status: {} + subresources: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotClass specifies parameters that a underlying storage + system uses when creating a volume snapshot. A specific VolumeSnapshotClass + is used by specifying its name in a VolumeSnapshot object. 
VolumeSnapshotClasses + are non-namespaced + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeSnapshotContent created + through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot + is deleted. Supported values are "Retain" and "Delete". "Retain" means + that the VolumeSnapshotContent and its physical snapshot on underlying + storage system are kept. "Delete" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the storage driver that handles this + VolumeSnapshotClass. Required. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshots. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - driver + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml b/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml index 1bec611..1a8ac58 100644 --- a/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml +++ b/files/digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml 
@@ -2,12 +2,232 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null name: volumesnapshotcontents.snapshot.storage.k8s.io spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot in bytes + name: RestoreSize + type: integer + - JSONPath: .spec.deletionPolicy + description: Determines whether this VolumeSnapshotContent and its physical snapshot + on the underlying storage system should be deleted when its bound VolumeSnapshot + is deleted. + name: DeletionPolicy + type: string + - JSONPath: .spec.driver + description: Name of the CSI driver used to create the physical snapshot on the + underlying storage system. + name: Driver + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: Name of the VolumeSnapshotClass to which this snapshot belongs. + name: VolumeSnapshotClass + type: string + - JSONPath: .spec.volumeSnapshotRef.name + description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent + object is bound. 
+ name: VolumeSnapshot + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date group: snapshot.storage.k8s.io names: kind: VolumeSnapshotContent + listKind: VolumeSnapshotContentList plural: volumesnapshotcontents + singular: volumesnapshotcontent + preserveUnknownFields: false scope: Cluster - version: v1alpha1 + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotContent represents the actual "on-disk" snapshot + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a VolumeSnapshotContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeSnapshotContent + and its physical snapshot on the underlying storage system should + be deleted when its bound VolumeSnapshot is deleted. Supported values + are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are kept. "Delete" + means that the VolumeSnapshotContent and its physical snapshot on + underlying storage system are deleted. 
In dynamic snapshot creation + case, this field will be filled in with the "DeletionPolicy" field + defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For + pre-existing snapshots, users MUST specify this field when creating + the VolumeSnapshotContent object. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the CSI driver used to create the + physical snapshot on the underlying storage system. This MUST be the + same as the name returned by the CSI GetPluginName() call for that + driver. Required. + type: string + source: + description: source specifies from where a snapshot will be created. + This field is immutable after creation. Required. + properties: + snapshotHandle: + description: snapshotHandle specifies the CSI "snapshot_id" of a + pre-existing snapshot on the underlying storage system. This field + is immutable. + type: string + volumeHandle: + description: volumeHandle specifies the CSI "volume_id" of the volume + from which a snapshot should be dynamically taken from. This field + is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the VolumeSnapshotClass to which this snapshot + belongs. + type: string + volumeSnapshotRef: + description: volumeSnapshotRef specifies the VolumeSnapshot object to + which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName + field must reference to this VolumeSnapshotContent's name for the + bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent + object, name and namespace of the VolumeSnapshot object MUST be provided + for binding to happen. This field is immutable after creation. Required. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - driver + - source + - volumeSnapshotRef + type: object + status: + description: status represents the current information of a snapshot. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. 
In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates the creation time is unknown. The + format of this field is a Unix nanoseconds time encoded as an int64. + On Unix, the command `date +%s%N` returns the current time in nanoseconds + since 1970-01-01 00:00:00 UTC. + format: int64 + type: integer + error: + description: error is the latest observed error during snapshot creation, + if any. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. 
For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + format: int64 + minimum: 0 + type: integer + snapshotHandle: + description: snapshotHandle is the CSI "snapshot_id" of a snapshot on + the underlying storage system. If not specified, it indicates that + dynamic snapshot creation has either failed or it is still in progress. + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml b/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml index 736ae2b..0bca3e4 100644 --- a/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml +++ b/files/digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml 
@@ -2,14 +2,186 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null name: volumesnapshots.snapshot.storage.k8s.io spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .spec.source.persistentVolumeClaimName + description: Name of the source PVC from where a dynamically taken snapshot will + be created. + name: SourcePVC + type: string + - JSONPath: .spec.source.volumeSnapshotContentName + description: Name of the VolumeSnapshotContent which represents a pre-provisioned + snapshot. + name: SourceSnapshotContent + type: string + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot. + name: RestoreSize + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. + name: SnapshotClass + type: string + - JSONPath: .status.boundVolumeSnapshotContentName + description: The name of the VolumeSnapshotContent to which this VolumeSnapshot + is bound. + name: SnapshotContent + type: string + - JSONPath: .status.creationTime + description: Timestamp when the point-in-time snapshot is taken by the underlying + storage system. 
+ name: CreationTime + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date group: snapshot.storage.k8s.io names: kind: VolumeSnapshot + listKind: VolumeSnapshotList plural: volumesnapshots + singular: volumesnapshot + preserveUnknownFields: false scope: Namespaced - version: v1alpha1 subresources: status: {} - + validation: + openAPIV3Schema: + description: VolumeSnapshot is a user's request for either creating a point-in-time + snapshot of a persistent volume, or binding to a pre-existing snapshot. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: 'spec defines the desired characteristics of a snapshot requested + by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots + Required.' + properties: + source: + description: source specifies where a snapshot will be created from. + This field is immutable after creation. Required. + properties: + persistentVolumeClaimName: + description: persistentVolumeClaimName specifies the name of the + PersistentVolumeClaim object in the same namespace as the VolumeSnapshot + object where the snapshot should be dynamically taken from. This + field is immutable. + type: string + volumeSnapshotContentName: + description: volumeSnapshotContentName specifies the name of a pre-existing + VolumeSnapshotContent object. 
This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass + requested by the VolumeSnapshot. If not specified, the default snapshot + class will be used if one exists. If not specified, and there is no + default snapshot class, dynamic snapshot creation will fail. Empty + string is not allowed for this field. TODO(xiangqian): a webhook validation + on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' + type: string + required: + - source + type: object + status: + description: 'status represents the current information of a snapshot. NOTE: + status can be modified by sources other than system controllers, and must + not be depended upon for accuracy. Controllers should only use information + from the VolumeSnapshotContent object after verifying that the binding + is accurate and complete.' + properties: + boundVolumeSnapshotContentName: + description: 'boundVolumeSnapshotContentName represents the name of + the VolumeSnapshotContent object to which the VolumeSnapshot object + is bound. If not specified, it indicates that the VolumeSnapshot object + has not been successfully bound to a VolumeSnapshotContent object + yet. NOTE: Specified boundVolumeSnapshotContentName alone does not + mean binding is valid. Controllers MUST always verify bidirectional + binding between VolumeSnapshot and VolumeSnapshotContent to + avoid possible security issues.' + type: string + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. 
If not specified, it indicates that the creation time of the snapshot + is unknown. + format: date-time + type: string + error: + description: error is the last observed error during snapshot creation, + if any. This field could be helpful to upper level controllers(i.e., + application controller) to decide whether they should continue on + waiting for the snapshot to be created based on the type of error + reported. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + anyOf: + - type: integer + - type: string + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. 
+ If not specified, it indicates that the size is unknown. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/files/linode/csi-linode-controller-StatefulSet.yaml b/files/linode/csi-linode-controller-StatefulSet.yaml index 82b6832..e61a3ad 100644 --- a/files/linode/csi-linode-controller-StatefulSet.yaml +++ b/files/linode/csi-linode-controller-StatefulSet.yaml @@ -60,7 +60,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: linode-csi-plugin - image: linode/linode-blockstorage-csi-driver:v0.1.4 + image: linode/linode-blockstorage-csi-driver:v0.1.6 args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(LINODE_TOKEN)" diff --git a/files/linode/csi-linode-node-DaemonSet.yaml b/files/linode/csi-linode-node-DaemonSet.yaml index fb9cbe1..edd3ae9 100644 --- a/files/linode/csi-linode-node-DaemonSet.yaml +++ b/files/linode/csi-linode-node-DaemonSet.yaml @@ -56,7 +56,7 @@ spec: - name: registration-dir mountPath: /registration/ - name: csi-linode-plugin - image: linode/linode-blockstorage-csi-driver:v0.1.4 + image: linode/linode-blockstorage-csi-driver:v0.1.6 args : - "--endpoint=$(CSI_ENDPOINT)" - "--token=$(LINODE_TOKEN)" diff --git a/files/local/local-path-config-ConfigMap.yaml b/files/local/local-path-config-ConfigMap.yaml index 82af77d..6537b8f 100644 --- a/files/local/local-path-config-ConfigMap.yaml +++ b/files/local/local-path-config-ConfigMap.yaml @@ -13,4 +13,12 @@ data: } ] } + setup: |- + #!/bin/sh + path=$1 + mkdir -m 0777 -p ${path} + teardown: |- + #!/bin/sh + path=$1 + rm -rf ${path} 
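Review bot: In the `teardown` script added to `files/local/local-path-config-ConfigMap.yaml`, `rm -rf ${path}` expands `$1` unquoted and never checks that it is set, so a path containing whitespace or glob characters would be word-split and an empty argument is accepted without any error. `rm -rf -- "${path:?}"` makes the script fail closed, and `setup` should quote the same way: `mkdir -m 0777 -p "${path}"`. Mode 0777 also leaves every provisioned directory writable by any local user on the node, so a narrower mode is worth considering if the workloads allow it. If this ConfigMap is regenerated from the upstream manifest, the change has to be applied after generation or it will be overwritten.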
diff --git a/files/local/local-path-provisioner-Deployment.yaml b/files/local/local-path-provisioner-Deployment.yaml index 8bf9abd..b2de1af 100644 --- a/files/local/local-path-provisioner-Deployment.yaml +++ b/files/local/local-path-provisioner-Deployment.yaml @@ -16,7 +16,7 @@ spec: serviceAccountName: local-path-provisioner-service-account containers: - name: local-path-provisioner - image: rancher/local-path-provisioner:v0.0.12 + image: rancher/local-path-provisioner:v0.0.14 imagePullPolicy: IfNotPresent command: - local-path-provisioner diff --git a/tasks/digital_ocean.yml b/tasks/digital_ocean.yml index 7124c9b..36e25c9 100644 --- a/tasks/digital_ocean.yml +++ b/tasks/digital_ocean.yml @@ -12,7 +12,7 @@ when: - not storage_digitalocean|bool - - name: Add secret for DigitalOcean Access Key + - name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }} k8s: state: "{{ storage_digitalocean_state }}" context: "{{ my_context }}" 
@@ -24,19 +24,19 @@ namespace: kube-system type: Opaque stringData: - access-token: "{{ digitalocean_token }}" + access-token: "{{ digitalocean_token | default('token_missing') }}" - - name: digitalocean-storage need to be {{ storage_linode_state }} + - name: digitalocean-storage need to be {{ storage_digitalocean_state }} k8s: state: "{{ storage_digitalocean_state }}" context: "{{ my_context }}" merge_type: merge resource_definition: "{{ lookup('file', item) | from_yaml }}" with_items: - - "digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml" - "digitalocean/volumesnapshotclasses.snapshot.storage.k8s.io-CustomResourceDefinition.yaml" - "digitalocean/volumesnapshotcontents.snapshot.storage.k8s.io-CustomResourceDefinition.yaml" - "digitalocean/volumesnapshots.snapshot.storage.k8s.io-CustomResourceDefinition.yaml" + - "digitalocean/dobs.csi.digitalocean.com-CSIDriver.yaml" - "digitalocean/do-block-storage-VolumeSnapshotClass.yaml" - "digitalocean/do-block-storage-StorageClass.yaml" - "digitalocean/csi-do-controller-StatefulSet.yaml" @@ -53,3 +53,7 @@ - "digitalocean/csi-do-node-sa-ServiceAccount.yaml" - "digitalocean/csi-do-node-driver-registrar-role-ClusterRole.yaml" - "digitalocean/csi-do-node-driver-registrar-binding-ClusterRoleBinding.yaml" + - "digitalocean/snapshot-controller-StatefulSet.yaml" + - "digitalocean/snapshot-controller-ServiceAccount.yaml" + - "digitalocean/snapshot-controller-role-ClusterRole.yaml" + - "digitalocean/snapshot-controller-binding-ClusterRoleBinding.yaml" diff --git a/tasks/linode.yml b/tasks/linode.yml index 4654366..5af2e70 100644 --- a/tasks/linode.yml +++ b/tasks/linode.yml @@ -24,8 +24,8 @@ namespace: kube-system type: Opaque stringData: - token: "{{ LINODE_TOKEN }}" - region: "{{ LINODE_REGION }}" + token: "{{ LINODE_TOKEN | default('token_missing')}}" + region: "{{ LINODE_REGION | default('token_missing')}}" - name: linode-storage need to be {{ storage_linode_state }} k8s:
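Review bot: The `default('token_missing')` added to `access-token` in `tasks/digital_ocean.yml` means a run with `digitalocean_token` undefined no longer fails; it creates the `kube-system` Secret with a placeholder string, and the misconfiguration presumably surfaces only later as authentication errors from the CSI driver. The `tasks/linode.yml` hunk does the same for `LINODE_TOKEN`, and also defaults `LINODE_REGION` to `'token_missing'`, which is not a region. If the default is there so the task can still template when the storage is being removed, keep it but fail early on the install path with a preceding task such as `assert: { that: digitalocean_token is defined }` guarded by `when: storage_digitalocean|bool`. The Secret task starts above the hunk, so whether it sets `no_log: true` is not visible here; it should, because the token is part of the task arguments.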