diff --git a/bin/update.sh b/bin/update.sh index 6f068e4..7c2a587 100755 --- a/bin/update.sh +++ b/bin/update.sh @@ -36,9 +36,6 @@ for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass done rm -fr files/digitalocean.old -if [ ! -d files/secrets-provider-gopass ]; then mkdir files/secrets-provider-gopass; fi -wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/master/deployment/provider-gopass-installer.yaml && \ - \mv provider-gopass-installer.yaml files/secrets-provider-gopass/ #https://github.com/scaleway/scaleway-csi diff --git a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml index c08de2e..e2196e6 100644 --- a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml +++ b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: external-attacher-role + name: external-attacher-runner subjects: - kind: ServiceAccount name: csi-controller-sa diff --git a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml index 0afdda4..084723d 100644 --- a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml +++ b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: external-provisioner-role + name: external-provisioner-runner subjects: - kind: ServiceAccount name: csi-controller-sa diff --git a/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml index 831447f..5437085 100644 --- a/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml 
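Review bot: No ClusterRole named `external-attacher-runner` is added or renamed anywhere in this diff, so the new `roleRef.name` in the attacher binding points at a role that cannot be checked from here. The same applies to `external-provisioner-runner` and `external-resizer-runner` in the provisioner and resizer bindings (the resizer hunk continues on the next physical line). If those roles are not defined elsewhere under files/linode, the bindings grant nothing; if a role with one of these generic names already exists in the cluster from another CSI driver, `csi-controller-sa` picks up that role's rules instead of ones reviewed for this driver. `roleRef` is also immutable on an existing ClusterRoleBinding, so applying this to a live cluster requires deleting the old bindings first. I would add a comment above each `roleRef`, e.g. `# ClusterRole defined in <path-to-role-manifest>; roleRef is immutable, delete the binding before re-applying`.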
+++ b/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: external-resizer-role + name: external-resizer-runner subjects: - kind: ServiceAccount name: csi-controller-sa diff --git a/files/linode/csi-linode-controller-StatefulSet.yaml b/files/linode/csi-linode-controller-StatefulSet.yaml index 47f06bb..aca3b92 100644 --- a/files/linode/csi-linode-controller-StatefulSet.yaml +++ b/files/linode/csi-linode-controller-StatefulSet.yaml @@ -78,7 +78,7 @@ spec: secretKeyRef: key: token name: linode - image: linode/linode-blockstorage-csi-driver:v0.4.1 + image: linode/linode-blockstorage-csi-driver:v0.4.0 imagePullPolicy: Always name: linode-csi-plugin volumeMounts: diff --git a/files/linode/csi-linode-node-DaemonSet.yaml b/files/linode/csi-linode-node-DaemonSet.yaml index 6dcfa0b..ec5ad39 100644 --- a/files/linode/csi-linode-node-DaemonSet.yaml +++ b/files/linode/csi-linode-node-DaemonSet.yaml @@ -56,7 +56,7 @@ spec: secretKeyRef: key: token name: linode - image: linode/linode-blockstorage-csi-driver:v0.4.1 + image: linode/linode-blockstorage-csi-driver:v0.4.0 imagePullPolicy: Always name: csi-linode-plugin securityContext: @@ -94,13 +94,6 @@ spec: - mountPath: /scripts name: get-linode-id serviceAccount: csi-node-sa - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists volumes: - emptyDir: {} name: linode-info diff --git a/files/secrets-provider-gopass/provider-gopass-installer.yaml b/files/secrets-provider-gopass/provider-gopass-installer.yaml deleted file mode 100644 index 74e1e90..0000000 --- a/files/secrets-provider-gopass/provider-gopass-installer.yaml +++ /dev/null 
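Review bot: The new `image: linode/linode-blockstorage-csi-driver:v0.4.0` line in the StatefulSet is a downgrade from v0.4.1 and is still a mutable tag pulled with `imagePullPolicy: Always`, so every node runs whatever the registry serves under that tag at pull time. The first DaemonSet hunk makes the same change. Both containers receive the `token` key of the `linode` secret, so I would pin by digest, `image: linode/linode-blockstorage-csi-driver:v0.4.0@sha256:<digest-of-reviewed-image>`, and say in the commit message whether the step back is intended or just what bin/update.sh regenerated. The second DaemonSet hunk also drops the `tolerations` block, which presumably keeps the node plugin off tainted nodes; confirm that is wanted rather than another side effect of regeneration.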
@@ -1,42 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app: csi-secrets-store-provider-gopass - name: csi-secrets-store-provider-gopass -spec: - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: csi-secrets-store-provider-gopass - template: - metadata: - labels: - app: csi-secrets-store-provider-gopass - spec: - tolerations: - containers: - - name: provider-gopass-installer - image: camptocamp/secrets-store-csi-driver-provider-gopass:0.0.1 - imagePullPolicy: Always - resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 50m - memory: 100Mi - env: - # set TARGET_DIR env var and mount the same directory to to the container - - name: TARGET_DIR - value: "/etc/kubernetes/secrets-store-csi-providers" - volumeMounts: - - mountPath: "/etc/kubernetes/secrets-store-csi-providers" - name: providervol - volumes: - - name: providervol - hostPath: - path: "/etc/kubernetes/secrets-store-csi-providers" - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/tasks/secrets-store.yml b/tasks/secrets-store.yml index 791dc85..589ec22 100644 --- a/tasks/secrets-store.yml +++ b/tasks/secrets-store.yml 
@@ -17,43 +17,19 @@ - name: Defined Secrets Store repository kubernetes.core.helm_repository: name: secrets-store-csi-driver - repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts" + repo_url: "https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts" - name: Deploy Secrets Store chart kubernetes.core.helm: context: "{{ my_context }}" state: "{{ storage_secrets_store_state }}" name: csi-secrets-store - namespace: "kube-system" chart_ref: secrets-store-csi-driver/secrets-store-csi-driver - # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass - - name: Deploy Secrets Store CSI driver provider gopass - kubernetes.core.k8s: - state: "{{ storage_secrets_store_state }}" - context: "{{ my_context }}" - namespace: "kube-system" - apply: true - resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}" - - # https://github.com/Azure/secrets-store-csi-driver-provider-azure - - name: Deploy Secrets Store CSI driver provider azure - kubernetes.core.helm_repository: - name: csi-secrets-store-provider-azure - repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts" - - name: Deploy Secrets Store chart - kubernetes.core.helm: - context: "{{ my_context }}" - state: "{{ storage_secrets_store_state }}" - name: csi-secrets-store-provider-azure - namespace: "kube-system" - chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure - values: - secrets-store-csi-driver: - install: false - tags: - storage - secrets-store +# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass # https://github.com/hashicorp/vault-csi-provider +# https://github.com/Azure/secrets-store-csi-driver-provider-azure
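Review bot: The new `repo_url` reads the chart index from the `master` branch through raw.githubusercontent.com, and the `kubernetes.core.helm` task below it sets no `chart_version`. Each run therefore installs whatever is on master at that moment, for a driver that mounts secrets into pods. I would keep the published chart repository URL and pin the release with `chart_version: "<reviewed-chart-version>"`. The same hunk removes `namespace: "kube-system"` from the deploy task; as far as I know `release_namespace` (alias `namespace`) is a required parameter of `kubernetes.core.helm`, so the task will likely fail argument validation. Either way, the target namespace of a secrets driver should stay explicit: `namespace: "kube-system"`.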