diff --git a/files/longhorn/longhorn-driver-deployer-Deployment.yaml b/files/longhorn/longhorn-driver-deployer-Deployment.yaml
index 9790ce1..7e31fba 100644
--- a/files/longhorn/longhorn-driver-deployer-Deployment.yaml
+++ b/files/longhorn/longhorn-driver-deployer-Deployment.yaml
@@ -15,18 +15,18 @@ spec:
 spec:
 initContainers:
 - name: wait-longhorn-manager
- image: longhornio/longhorn-manager:v1.0.2
+ image: longhornio/longhorn-manager:v1.0.1
 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
 containers:
 - name: longhorn-driver-deployer
- image: longhornio/longhorn-manager:v1.0.2
+ image: longhornio/longhorn-manager:v1.0.1
 imagePullPolicy: IfNotPresent
 command:
 - longhorn-manager
 - -d
 - deploy-driver
 - --manager-image
- - longhornio/longhorn-manager:v1.0.2
+ - longhornio/longhorn-manager:v1.0.1
 - --manager-url
 - http://longhorn-backend:9500/v1
 env:
diff --git a/files/longhorn/longhorn-manager-DaemonSet.yaml b/files/longhorn/longhorn-manager-DaemonSet.yaml
index 8e43de6..7d2d788 100644
--- a/files/longhorn/longhorn-manager-DaemonSet.yaml
+++ b/files/longhorn/longhorn-manager-DaemonSet.yaml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: longhorn-manager
- image: longhornio/longhorn-manager:v1.0.2
+ image: longhornio/longhorn-manager:v1.0.1
 imagePullPolicy: IfNotPresent
 securityContext:
 privileged: true
@@ -25,11 +25,11 @@ spec:
 - -d
 - daemon
 - --engine-image
- - longhornio/longhorn-engine:v1.0.2
+ - longhornio/longhorn-engine:v1.0.1
 - --instance-manager-image
 - longhornio/longhorn-instance-manager:v1_20200514
 - --manager-image
- - longhornio/longhorn-manager:v1.0.2
+ - longhornio/longhorn-manager:v1.0.1
 - --service-account
 - longhorn-service-account
 ports:
@@ -45,7 +45,6 @@ spec:
 mountPath: /host/proc/
 - name: varrun
 mountPath: /var/run/
- mountPropagation: Bidirectional
 - name: longhorn
 mountPath: /var/lib/longhorn/
 mountPropagation: Bidirectional
diff --git a/files/longhorn/longhorn-psp-PodSecurityPolicy.yaml b/files/longhorn/longhorn-psp-PodSecurityPolicy.yaml
deleted file mode 100644
index cbaac6a..0000000
--- a/files/longhorn/longhorn-psp-PodSecurityPolicy.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: longhorn-psp
-spec:
- privileged: true
- allowPrivilegeEscalation: true
- requiredDropCapabilities:
- - NET_RAW
- allowedCapabilities:
- - SYS_ADMIN
- hostNetwork: false
- hostIPC: false
- hostPID: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- fsGroup:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - secret
- - projected
- - hostPath
diff --git a/files/longhorn/longhorn-psp-binding-RoleBinding.yaml b/files/longhorn/longhorn-psp-binding-RoleBinding.yaml
deleted file mode 100644
index fbbdb0c..0000000
--- a/files/longhorn/longhorn-psp-binding-RoleBinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: longhorn-psp-binding
- namespace: longhorn-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: longhorn-psp-role
-subjects:
- - kind: ServiceAccount
- name: longhorn-service-account
- namespace: longhorn-system
- - kind: ServiceAccount
- name: default
- namespace: longhorn-system
diff --git a/files/longhorn/longhorn-psp-role-Role.yaml b/files/longhorn/longhorn-psp-role-Role.yaml
deleted file mode 100644
index 6140f6a..0000000
--- a/files/longhorn/longhorn-psp-role-Role.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: longhorn-psp-role
- namespace: longhorn-system
-rules:
- - apiGroups:
- - policy
- resources:
- - podsecuritypolicies
- verbs:
- - use
- resourceNames:
- - longhorn-psp
diff --git a/files/longhorn/longhorn-ui-Deployment.yaml b/files/longhorn/longhorn-ui-Deployment.yaml
index 1ecf6a3..85e2c75 100644
--- a/files/longhorn/longhorn-ui-Deployment.yaml
+++ b/files/longhorn/longhorn-ui-Deployment.yaml
@@ -17,7 +17,7 @@ spec:
 spec:
 containers:
 - name: longhorn-ui
- image: longhornio/longhorn-ui:v1.0.2
+ image: longhornio/longhorn-ui:v1.0.1
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsUser: 0
diff --git a/files/secrets-store/csi-secrets-store-DaemonSet.yaml b/files/secrets-store/csi-secrets-store-DaemonSet.yaml
index e44a0a5..d06f605 100644
--- a/files/secrets-store/csi-secrets-store-DaemonSet.yaml
+++ b/files/secrets-store/csi-secrets-store-DaemonSet.yaml
@@ -43,7 +43,7 @@ spec:
 - name: registration-dir
 mountPath: /registration
 - name: secrets-store
- image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13
+ image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12
 args:
 - "--debug=true"
 - "--endpoint=$(CSI_ENDPOINT)"
diff --git a/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml b/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
index 0c407d6..0ae0e1b 100644
--- a/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
+++ b/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
@@ -1,7 +1,6 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- creationTimestamp: null
 name: secretproviderclasses-role
 rules:
 - apiGroups:
@@ -11,6 +10,28 @@ rules:
 verbs:
 - get
 - list
+ - update
+ - watch
+- apiGroups:
+ - secrets-store.csi.x-k8s.io
+ resources:
+ - secretproviderclasses/status
+ verbs:
+ - get
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - update
+ - patch
+ - list
 - watch
 - apiGroups:
 - secrets-store.csi.x-k8s.io
@@ -30,5 +51,5 @@ rules:
 - secretproviderclasspodstatuses/status
 verbs:
 - get
- - patch
 - update
+ - patch
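Review bot: The rule added for the core `secrets` resource (second ClusterRole hunk, `@@ -11,6 +10,28 @@`) grants create, delete, get, list, watch, update and patch on Secrets with no namespace or name restriction, so if this role is bound through a ClusterRoleBinding (the vars file lists one, but its contents are not in this diff) the bound subject can read and rewrite every Secret in the cluster. If the rule exists only so the driver can mirror mounted content into Kubernetes Secrets, I would cut the verbs to the ones that path actually uses and grant them through a Role/RoleBinding in the namespaces that use the feature, and at minimum document it with a comment above the rule such as `# required only for syncing mounted content to Kubernetes Secrets; grants access to all Secrets cluster-wide`. The same hunk also adds `update` on `secretproviderclasses`; it is worth confirming the driver needs to modify the objects that tell it which secrets to fetch.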
diff --git a/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml b/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
index bab9954..9b0466b 100644
--- a/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
+++ b/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
@@ -12,7 +12,6 @@ spec:
 listKind: SecretProviderClassList
 plural: secretproviderclasses
 singular: secretproviderclass
- preserveUnknownFields: false
 scope: Namespaced
 validation:
 openAPIV3Schema:
@@ -60,11 +59,6 @@ spec:
 type: string
 type: object
 type: array
- labels:
- additionalProperties:
- type: string
- description: labels of K8s secret object
- type: object
 secretName:
 description: name of the K8s secret object
 type: string
diff --git a/vars/longhorn.yaml b/vars/longhorn.yaml
index 2db69bb..d25f9f8 100644
--- a/vars/longhorn.yaml
+++ b/vars/longhorn.yaml
@@ -12,9 +12,6 @@ storage_longhorn_files_list:
 - "nodes.longhorn.io-CustomResourceDefinition.yaml"
 - "instancemanagers.longhorn.io-CustomResourceDefinition.yaml"
 - "longhorn-default-setting-ConfigMap.yaml"
- - "longhorn-psp-PodSecurityPolicy.yaml"
- - "longhorn-psp-role-Role.yaml"
- - "longhorn-psp-binding-RoleBinding.yaml"
 - "longhorn-manager-DaemonSet.yaml"
 - "longhorn-backend-Service.yaml"
 - "longhorn-ui-Deployment.yaml"
diff --git a/vars/secrets_store_files_list.yml b/vars/secrets_store_files_list.yml
index 616940d..be2b01b 100644
--- a/vars/secrets_store_files_list.yml
+++ b/vars/secrets_store_files_list.yml
@@ -1,7 +1,7 @@ --- secrets_store_files: - - "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml" - "secrets-store/secretproviderclasses-role-ClusterRole.yaml" + - "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml" - "secrets-store/secretproviderclasses-rolebinding-ClusterRoleBinding.yaml" - "secrets-store/secrets-store.csi.k8s.io-CSIDriver.yaml" - "secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml"