From bd5a8bf77ce7447daff7fbab2a5dfe39665f5c3c Mon Sep 17 00:00:00 2001 From: Kyle Michel Date: Fri, 26 Mar 2021 17:27:29 -0400 Subject: [PATCH] Cleanup helm chart --- Makefile | 26 +-- charts/aws-ebs-csi-driver/Chart.yaml | 2 +- charts/aws-ebs-csi-driver/templates/NOTES.txt | 40 +++++ .../aws-ebs-csi-driver/templates/_helpers.tpl | 15 +- .../templates/clusterrole-attacher.yaml | 24 +-- .../templates/clusterrole-resizer.yaml | 38 ++--- .../clusterrole-snapshot-controller.yaml | 51 +++--- .../templates/clusterrole-snapshotter.yaml | 32 ++-- .../templates/clusterrolebinding-resizer.yaml | 2 +- ...lusterrolebinding-snapshot-controller.yaml | 3 - .../clusterrolebinding-snapshotter.yaml | 3 - .../templates/controller.yaml | 161 +++++++++--------- .../templates/csidriver.yaml | 2 +- charts/aws-ebs-csi-driver/templates/node.yaml | 82 ++++----- .../poddisruptionbudget-controller.yaml | 17 ++ ...ddisruptionbudget-snapshot-controller.yaml | 14 ++ ...le-snapshot-controller-leaderelection.yaml | 9 +- ...ng-snapshot-controller-leaderelection.yaml | 3 - .../serviceaccount-csi-controller.yaml | 3 +- .../templates/serviceaccount-csi-node.yaml | 3 +- .../serviceaccount-snapshot-controller.yaml | 5 +- .../templates/snapshot-controller.yaml | 29 ++-- .../templates/storageclass.yaml | 8 +- charts/aws-ebs-csi-driver/values.yaml | 154 ++++++++++------- .../kubernetes/base/clusterrole-attacher.yaml | 24 +-- .../base/clusterrole-snapshot-controller.yaml | 33 ++++ .../base/clusterrole-snapshotter.yaml | 24 +++ .../base/clusterrolebinding-attacher.yaml | 2 +- .../base/clusterrolebinding-provisioner.yaml | 2 +- ...usterrolebinding-snapshot-controller.yaml} | 2 +- .../clusterrolebinding-snapshotter.yaml} | 2 +- deploy/kubernetes/base/controller.yaml | 17 +- deploy/kubernetes/base/kustomization.yaml | 10 ++ deploy/kubernetes/base/node.yaml | 6 +- .../base/poddisruptionbudget-controller.yaml | 14 ++ ...ddisruptionbudget-snapshot-controller.yaml | 14 ++ ...e-snapshot-controller-leaderelection.yaml} | 6 +- ...g-snapshot-controller-leaderelection.yaml} | 2 +- .../serviceaccount-snapshot-controller.yaml | 0 .../alpha => base}/snapshot_controller.yaml | 1 - .../overlays/alpha/clusterrole-resizer.yaml | 32 ++++ ...g.yaml => clusterrolebinding-resizer.yaml} | 2 +- .../alpha/controller_add_snapshotter.yaml | 20 --- .../overlays/alpha/kustomization.yaml | 13 +- .../alpha/rbac_add_resizer_clusterrole.yaml | 32 ---- ...c_add_snapshot_controller_clusterrole.yaml | 33 ---- .../rbac_add_snapshotter_clusterrole.yaml | 24 --- deploy/kubernetes/values/controller.yaml | 3 - docs/README.md | 3 +- hack/values.yaml | 1 - 50 files changed, 565 insertions(+), 483 deletions(-) create mode 100644 charts/aws-ebs-csi-driver/templates/poddisruptionbudget-controller.yaml create mode 100644 charts/aws-ebs-csi-driver/templates/poddisruptionbudget-snapshot-controller.yaml create mode 100644 deploy/kubernetes/base/clusterrole-snapshot-controller.yaml create mode 100644 deploy/kubernetes/base/clusterrole-snapshotter.yaml rename deploy/kubernetes/{overlays/alpha/rbac_add_snapshot_controller_clusterrolebinding.yaml => base/clusterrolebinding-snapshot-controller.yaml} (94%) rename deploy/kubernetes/{overlays/alpha/rbac_add_snapshotter_clusterrolebinding.yaml => base/clusterrolebinding-snapshotter.yaml} (93%) create mode 100644 deploy/kubernetes/base/poddisruptionbudget-controller.yaml create mode 100644 deploy/kubernetes/base/poddisruptionbudget-snapshot-controller.yaml rename deploy/kubernetes/{overlays/alpha/rbac_add_snapshot_controller_leaderelection_role.yaml => base/role-snapshot-controller-leaderelection.yaml} (65%) rename deploy/kubernetes/{overlays/alpha/rbac_add_snapshot_controller_leaderelection_rolebinding.yaml => base/rolebinding-snapshot-controller-leaderelection.yaml} (94%) rename deploy/kubernetes/{overlays/alpha => base}/serviceaccount-snapshot-controller.yaml (100%) rename deploy/kubernetes/{overlays/alpha => base}/snapshot_controller.yaml (98%) create mode 100644 deploy/kubernetes/overlays/alpha/clusterrole-resizer.yaml rename deploy/kubernetes/overlays/alpha/{rbac_add_resizer_clusterrolebinding.yaml => clusterrolebinding-resizer.yaml} (93%) delete mode 100644 deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml delete mode 100644 deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrole.yaml delete mode 100644 deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrole.yaml delete mode 100644 deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrole.yaml diff --git a/Makefile b/Makefile index 7634351a55..faf9170624 100644 --- a/Makefile +++ b/Makefile @@ -142,20 +142,22 @@ verify-vendor: generate-kustomize: bin/helm cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-attacher.yaml > ../../deploy/kubernetes/base/clusterrole-attacher.yaml cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-provisioner.yaml > ../../deploy/kubernetes/base/clusterrole-provisioner.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-attacher.yaml > ../../deploy/kubernetes/base/clusterrolebinding-attacher.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-provisioner.yaml > ../../deploy/kubernetes/base/clusterrolebinding-provisioner.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-resizer.yaml -f ../../deploy/kubernetes/values/resizer.yaml > ../../deploy/kubernetes/overlays/alpha/clusterrole-resizer.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-snapshot-controller.yaml > ../../deploy/kubernetes/base/clusterrole-snapshot-controller.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-snapshotter.yaml > ../../deploy/kubernetes/base/clusterrole-snapshotter.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-attacher.yaml -n kube-system > ../../deploy/kubernetes/base/clusterrolebinding-attacher.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-provisioner.yaml -n kube-system > ../../deploy/kubernetes/base/clusterrolebinding-provisioner.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-resizer.yaml -f ../../deploy/kubernetes/values/resizer.yaml -n kube-system > ../../deploy/kubernetes/overlays/alpha/clusterrolebinding-resizer.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-snapshot-controller.yaml -n kube-system > ../../deploy/kubernetes/base/clusterrolebinding-snapshot-controller.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-snapshotter.yaml -n kube-system > ../../deploy/kubernetes/base/clusterrolebinding-snapshotter.yaml cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/controller.yaml -f ../../deploy/kubernetes/values/controller.yaml > ../../deploy/kubernetes/base/controller.yaml cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/csidriver.yaml > ../../deploy/kubernetes/base/csidriver.yaml cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/node.yaml -f ../../deploy/kubernetes/values/controller.yaml > ../../deploy/kubernetes/base/node.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/poddisruptionbudget-controller.yaml > ../../deploy/kubernetes/base/poddisruptionbudget-controller.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/poddisruptionbudget-snapshot-controller.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/base/poddisruptionbudget-snapshot-controller.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/role-snapshot-controller-leaderelection.yaml -n kube-system > ../../deploy/kubernetes/base/role-snapshot-controller-leaderelection.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/rolebinding-snapshot-controller-leaderelection.yaml -n kube-system > ../../deploy/kubernetes/base/rolebinding-snapshot-controller-leaderelection.yaml cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-csi-controller.yaml > ../../deploy/kubernetes/base/serviceaccount-csi-controller.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-resizer.yaml -f ../../deploy/kubernetes/values/resizer.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrole.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-snapshot-controller.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrole.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-snapshotter.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrole.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-resizer.yaml -f ../../deploy/kubernetes/values/resizer.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrolebinding.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-snapshot-controller.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrolebinding.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-snapshotter.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrolebinding.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/role-snapshot-controller-leaderelection.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_role.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/rolebinding-snapshot-controller-leaderelection.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_rolebinding.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-snapshot-controller.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/serviceaccount-snapshot-controller.yaml - cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/snapshot-controller.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/overlays/alpha/snapshot_controller.yaml cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-csi-node.yaml > ../../deploy/kubernetes/base/serviceaccount-csi-node.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-snapshot-controller.yaml > ../../deploy/kubernetes/base/serviceaccount-snapshot-controller.yaml + cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/snapshot-controller.yaml -f ../../deploy/kubernetes/values/snapshotter.yaml > ../../deploy/kubernetes/base/snapshot_controller.yaml diff --git a/charts/aws-ebs-csi-driver/Chart.yaml b/charts/aws-ebs-csi-driver/Chart.yaml index 21d427a005..94f5660b6d 100644 --- a/charts/aws-ebs-csi-driver/Chart.yaml +++ b/charts/aws-ebs-csi-driver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.10.1" name: aws-ebs-csi-driver description: A Helm chart for AWS EBS CSI Driver -version: 0.10.2 +version: 0.11.0 kubeVersion: ">=1.17.0-0" home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver sources: diff --git a/charts/aws-ebs-csi-driver/templates/NOTES.txt b/charts/aws-ebs-csi-driver/templates/NOTES.txt index 3717647d78..c03adb1e90 100644 --- a/charts/aws-ebs-csi-driver/templates/NOTES.txt +++ b/charts/aws-ebs-csi-driver/templates/NOTES.txt @@ -1,3 +1,43 @@ To verify that aws-ebs-csi-driver has started, run: kubectl get pod -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" + + +WARNING: The following values have been deprecated in favor of moving them into the controller or node groups. They will be removed in a subsequent release. + +affinity: +enableVolumeScheduling: +enableVolumeResizing: +extraCreateMetadata: +extraVolumeTags: +k8sTagClusterId: +nodeSelector: +podAnnotations: +priorityClassName: +region: +replicaCount: +resources: +tolerations: +topologySpreadConstraints: +volumeAttachLimit: + +are moving to + +controller: + affinity: + enableVolumeScheduling: + enableVolumeResizing: + extraCreateMetadata: + extraVolumeTags: + k8sTagClusterId: + nodeSelector: + podAnnotations: + priorityClassName: + region: + replicaCount: + resources: + tolerations: + topologySpreadConstraints: + +node: + volumeAttachLimit: diff --git a/charts/aws-ebs-csi-driver/templates/_helpers.tpl b/charts/aws-ebs-csi-driver/templates/_helpers.tpl index fdc77c4ec8..1168339c54 100644 --- a/charts/aws-ebs-csi-driver/templates/_helpers.tpl +++ b/charts/aws-ebs-csi-driver/templates/_helpers.tpl @@ -59,11 +59,24 @@ app.kubernetes.io/instance: {{ .Release.Name }} Convert the `--extra-volume-tags` command line arg from a map. */}} {{- define "aws-ebs-csi-driver.extra-volume-tags" -}} +{{- $evt := default .Values.extraVolumeTags .Values.controller.extraVolumeTags }} {{- $result := dict "pairs" (list) -}} -{{- range $key, $value := .Values.extraVolumeTags -}} +{{- range $key, $value := $evt -}} {{- $noop := printf "%s=%s" $key $value | append $result.pairs | set $result "pairs" -}} {{- end -}} {{- if gt (len $result.pairs) 0 -}} {{- printf "%s=%s" "- --extra-volume-tags" (join "," $result.pairs) -}} {{- end -}} {{- end -}} + +{{/* +Handle http proxy env vars +*/}} +{{- define "aws-ebs-csi-driver.http-proxy" -}} +- name: HTTP_PROXY + value: {{ .Values.proxy.http_proxy | quote }} +- name: HTTPS_PROXY + value: {{ .Values.proxy.http_proxy | quote }} +- name: NO_PROXY + value: {{ .Values.proxy.no_proxy | quote }} +{{- end -}} \ No newline at end of file diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml index e0919cec14..816fdf66ed 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml @@ -6,18 +6,18 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "nodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "csi.storage.k8s.io" ] + resources: [ "csinodeinfos" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "volumeattachments" ] + verbs: [ "get", "list", "watch", "update", "patch" ] - apiGroups: [ "storage.k8s.io" ] resources: [ "volumeattachments/status" ] verbs: [ "patch" ] diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml index 9d85b97ca4..9ae910e4b7 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml @@ -1,4 +1,4 @@ -{{- if .Values.enableVolumeResizing }} +{{- if or .Values.controller.enableVolumeResizing .Values.enableVolumeResizing }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -12,22 +12,22 @@ rules: # - apiGroups: [""] # resources: ["secrets"] # verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims/status" ] + verbs: [ "update", "patch" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "pods" ] + verbs: [ "get", "list", "watch" ] {{- end}} diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml index ffdb1b7d5d..b5b7978831 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -7,29 +6,27 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - -{{- end }} + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims" ] + verbs: [ "get", "list", "watch", "update" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots" ] + verbs: [ "get", "list", "watch", "update" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots/status" ] + verbs: [ "update" ] diff --git a/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml b/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml index 061b56582b..5fada8b4f9 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -7,19 +6,18 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] -{{- end }} + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "secrets" ] + verbs: [ "get", "list" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents/status" ] + verbs: [ "update" ] diff --git a/charts/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml b/charts/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml index 6fe42d1240..443e21abf0 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml @@ -1,4 +1,4 @@ -{{- if .Values.enableVolumeResizing }} +{{- if or .Values.controller.enableVolumeResizing .Values.enableVolumeResizing }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml b/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml index b74484f91d..55a634fb22 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -14,5 +13,3 @@ roleRef: kind: ClusterRole name: ebs-snapshot-controller-role apiGroup: rbac.authorization.k8s.io - -{{- end }} diff --git a/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml b/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml index cbc1169e85..e9f36246ec 100644 --- a/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml +++ b/charts/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -14,5 +13,3 @@ roleRef: kind: ClusterRole name: ebs-external-snapshotter-role apiGroup: rbac.authorization.k8s.io - -{{- end }} diff --git a/charts/aws-ebs-csi-driver/templates/controller.yaml b/charts/aws-ebs-csi-driver/templates/controller.yaml index 770417ea3d..6cd483a7eb 100644 --- a/charts/aws-ebs-csi-driver/templates/controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/controller.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} + replicas: {{ default .Values.replicaCount .Values.controller.replicaCount }} selector: matchLabels: app: ebs-csi-controller @@ -16,40 +16,43 @@ spec: labels: app: ebs-csi-controller {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }} - {{- if .Values.podAnnotations }} - annotations: {{ toYaml .Values.podAnnotations | nindent 8 }} + {{- if .Values.controller.podAnnotations }} + annotations: + {{- toYaml .Values.controller.podAnnotations | nindent 8 }} + {{- else if .Values.podAnnotations}} + annotations: + {{- toYaml .Values.podAnnotations | nindent 8 }} {{- end }} spec: nodeSelector: kubernetes.io/os: linux - {{- with .Values.nodeSelector }} -{{ toYaml . | indent 8 }} + {{- with default .Values.nodeSelector .Values.controller.nodeSelector }} + {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ .Values.serviceAccount.controller.name }} - priorityClassName: {{ .Values.priorityClassName | default "system-cluster-critical" }} - {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 }} + priorityClassName: {{ default .Values.priorityClassName .Values.controller.priorityClassName }} + {{- with default .Values.affinity .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} {{- end }} tolerations: - {{- if .Values.tolerateAllTaints }} - - operator: Exists - {{- else }} - key: CriticalAddonsOnly operator: Exists - operator: Exists effect: NoExecute tolerationSeconds: 300 + {{- with default .Values.tolerations .Values.controller.tolerations }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} -{{ toYaml . | indent 8 }} - {{- end }} -{{- if .Values.topologySpreadConstraints }} -{{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }} + {{- if or .Values.controller.topologySpreadConstraints .Values.topologySpreadConstraints }} + {{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }} + {{- $constraints := list }} + {{- range default .Values.topologySpreadConstraints .Values.controller.topologySpreadConstraints }} + {{- $constraints = mustAppend $constraints (mergeOverwrite . $tscLabelSelector) }} + {{- end }} topologySpreadConstraints: - {{- range .Values.topologySpreadConstraints }} - - {{ mergeOverwrite . $tscLabelSelector | toJson }} - {{- end }} -{{- end }} + {{- $constraints | toYaml | nindent 8 }} + {{- end }} containers: - name: ebs-plugin image: {{ .Values.image.repository }}:{{ .Values.image.tag }} @@ -61,11 +64,11 @@ spec: # - {all,controller,node} # specify the driver mode {{- end }} - --endpoint=$(CSI_ENDPOINT) - {{- if .Values.extraVolumeTags }} + {{- if or .Values.controller.extraVolumeTags .Values.extraVolumeTags }} {{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }} {{- end }} - {{- if .Values.k8sTagClusterId }} - - --k8s-tag-cluster-id={{ .Values.k8sTagClusterId }} + {{- with default .Values.k8sTagClusterId .Values.controller.k8sTagClusterId }} + - --k8s-tag-cluster-id={{ . }} {{- end }} {{- if .Values.controller.httpEndpoint }} - --http-endpoint={{ .Values.controller.httpEndpoint }} @@ -87,9 +90,9 @@ spec: name: aws-secret key: access_key optional: true - {{- if .Values.region }} + {{- if or .Values.controller.region .Values.region }} - name: AWS_REGION - value: {{ .Values.region }} + value: {{ default .Values.region .Values.controller.region }} {{- end }} {{- if .Values.controller.extraVars }} {{- range $key, $val := .Values.controller.extraVars }} @@ -97,14 +100,12 @@ spec: value: "{{ $val }}" {{- end }} {{- end }} -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.controller.env.ebsPlugin }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -128,18 +129,19 @@ spec: timeoutSeconds: 3 periodSeconds: 10 failureThreshold: 5 - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.ebsPlugin) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} - name: csi-provisioner image: {{ printf "%s:%s" .Values.sidecars.provisionerImage.repository .Values.sidecars.provisionerImage.tag }} args: - --csi-address=$(ADDRESS) - --v=5 - {{- if .Values.enableVolumeScheduling }} + {{- if or .Values.controller.enableVolumeScheduling .Values.enableVolumeScheduling }} - --feature-gates=Topology=true {{- end}} - {{- if .Values.extraCreateMetadata }} + {{- if or .Values.controller.extraCreateMetadata .Values.extraCreateMetadata }} - --extra-create-metadata {{- end}} - --leader-election=true @@ -147,19 +149,18 @@ spec: env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.controller.env.provisioner }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.provisioner) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} - name: csi-attacher image: {{ printf "%s:%s" .Values.sidecars.attacherImage.repository .Values.sidecars.attacherImage.tag }} @@ -170,21 +171,19 @@ spec: env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.controller.env.attacher }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.attacher) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} - {{- if .Values.enableVolumeSnapshot }} - name: csi-snapshotter image: {{ printf "%s:%s" .Values.sidecars.snapshotterImage.repository .Values.sidecars.snapshotterImage.tag }} args: @@ -193,22 +192,20 @@ spec: env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.controller.env.snapshotter }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.snapshotter) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} - {{- end }} - {{- if .Values.enableVolumeResizing }} + {{- if or .Values.controller.enableVolumeResizing .Values.enableVolumeResizing }} - name: csi-resizer image: {{ printf "%s:%s" .Values.sidecars.resizerImage.repository .Values.sidecars.resizerImage.tag }} imagePullPolicy: Always @@ -218,19 +215,18 @@ spec: env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.controller.env.resizer }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.resizer) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - name: liveness-probe @@ -240,8 +236,9 @@ spec: volumeMounts: - name: socket-dir mountPath: /csi - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.liveness) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/aws-ebs-csi-driver/templates/csidriver.yaml b/charts/aws-ebs-csi-driver/templates/csidriver.yaml index 2ea2a0623d..6598355ae0 100644 --- a/charts/aws-ebs-csi-driver/templates/csidriver.yaml +++ b/charts/aws-ebs-csi-driver/templates/csidriver.yaml @@ -1,4 +1,4 @@ -apiVersion: storage.k8s.io/v1 +apiVersion: {{ ternary "storage.k8s.io/v1" "storage.k8s.io/v1beta1" (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.Version) }} kind: CSIDriver metadata: name: ebs.csi.aws.com diff --git a/charts/aws-ebs-csi-driver/templates/node.yaml b/charts/aws-ebs-csi-driver/templates/node.yaml index fcb4e8af3e..92b7fcf996 100644 --- a/charts/aws-ebs-csi-driver/templates/node.yaml +++ b/charts/aws-ebs-csi-driver/templates/node.yaml @@ -15,8 +15,9 @@ spec: labels: app: ebs-csi-node {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }} - {{- if .Values.node.podAnnotations }} - annotations: {{ toYaml .Values.node.podAnnotations | nindent 8 }} + {{- with .Values.node.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} {{- end }} spec: affinity: @@ -31,11 +32,11 @@ spec: nodeSelector: kubernetes.io/os: linux {{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} hostNetwork: true serviceAccountName: {{ .Values.serviceAccount.node.name }} - priorityClassName: {{ .Values.node.priorityClassName | default "system-cluster-critical" }} + priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }} tolerations: {{- if .Values.node.tolerateAllTaints }} - operator: Exists @@ -47,7 +48,7 @@ spec: tolerationSeconds: 300 {{- end }} {{- with .Values.node.tolerations }} -{{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - name: ebs-plugin @@ -57,22 +58,20 @@ spec: args: - node - --endpoint=$(CSI_ENDPOINT) - {{- if .Values.volumeAttachLimit }} - - --volume-attach-limit={{ .Values.volumeAttachLimit }} + {{- with default .Values.volumeAttachLimit .Values.node.volumeAttachLimit }} + - --volume-attach-limit={{ . }} {{- end }} - --logtostderr - --v=5 env: - name: CSI_ENDPOINT value: unix:/csi/csi.sock -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.node.env.ebsPlugin }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet @@ -93,14 +92,9 @@ spec: timeoutSeconds: 3 periodSeconds: 10 failureThreshold: 5 - {{- if .Values.node.resources }} - {{- with .Values.node.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - {{- else }} - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} + {{- with default .Values.resources (default .Values.node.resources .Values.node.containerResources.ebsPlugin) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} - name: node-driver-registrar image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrarImage.repository .Values.sidecars.nodeDriverRegistrarImage.tag }} @@ -113,27 +107,20 @@ spec: value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.node.env.nodeDriverRegistrar }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: plugin-dir mountPath: /csi - name: registration-dir mountPath: /registration - {{- if .Values.node.resources }} - {{- with .Values.node.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - {{- else }} - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} + {{- with default .Values.resources (default .Values.node.resources .Values.node.containerResources.nodeDriverRegistrar) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} - name: liveness-probe image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }} @@ -142,14 +129,9 @@ spec: volumeMounts: - name: plugin-dir mountPath: /csi - {{- if .Values.node.resources }} - {{- with .Values.node.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} - {{- else }} - {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} - {{- end }} + {{- with default .Values.resources (default .Values.node.resources .Values.node.containerResources.liveness) }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: @@ -160,15 +142,15 @@ spec: volumes: - name: kubelet-dir hostPath: - path: /var/lib/kubelet + path: {{ .Values.node.kubeletPath }} type: Directory - name: plugin-dir hostPath: - path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + path: {{ printf "%s/plugins/ebs.csi.aws.com/" (trimSuffix "/" .Values.node.kubeletPath) }} type: DirectoryOrCreate - name: registration-dir hostPath: - path: /var/lib/kubelet/plugins_registry/ + path: {{ printf "%s/plugins_registry/" (trimSuffix "/" .Values.node.kubeletPath) }} type: Directory - name: device-dir hostPath: diff --git a/charts/aws-ebs-csi-driver/templates/poddisruptionbudget-controller.yaml b/charts/aws-ebs-csi-driver/templates/poddisruptionbudget-controller.yaml new file mode 100644 index 0000000000..5dc12197f9 --- /dev/null +++ b/charts/aws-ebs-csi-driver/templates/poddisruptionbudget-controller.yaml @@ -0,0 +1,17 @@ +{{- $replicas := (default .Values.replicaCount .Values.controller.replicaCount) | int }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: ebs-csi-controller + labels: + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: ebs-csi-controller + {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }} + {{- if le $replicas 2 }} + maxUnavailable: 1 + {{- else }} + minAvailable: 2 + {{- end }} \ No newline at end of file diff --git a/charts/aws-ebs-csi-driver/templates/poddisruptionbudget-snapshot-controller.yaml b/charts/aws-ebs-csi-driver/templates/poddisruptionbudget-snapshot-controller.yaml new file mode 100644 index 0000000000..ca1003a000 --- /dev/null +++ b/charts/aws-ebs-csi-driver/templates/poddisruptionbudget-snapshot-controller.yaml @@ -0,0 +1,14 @@ +{{- if .Values.enableVolumeSnapshot }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: ebs-snapshot-controller + labels: + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: ebs-snapshot-controller + {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }} + maxUnavailable: 1 +{{- end }} \ No newline at end of file diff --git a/charts/aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml b/charts/aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml index 4d09e4cabf..2b55a16ad8 100644 --- a/charts/aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml +++ b/charts/aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -7,8 +6,6 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - -{{- end }} + - apiGroups: [ "coordination.k8s.io" ] + resources: [ "leases" ] + verbs: [ "get", "watch", "list", "delete", "update", "create" ] diff --git a/charts/aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml b/charts/aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml index e8248bd850..74095f382c 100644 --- a/charts/aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml +++ b/charts/aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -14,5 +13,3 @@ roleRef: kind: Role name: ebs-snapshot-controller-leaderelection apiGroup: rbac.authorization.k8s.io - -{{- end }} diff --git a/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml b/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml index 0490c32736..b465c3be25 100644 --- a/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml @@ -6,7 +6,8 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} {{- with .Values.serviceAccount.controller.annotations }} - annotations: {{ toYaml . | nindent 4 }} + annotations: + {{- toYaml . | nindent 4 }} {{- end }} {{- if eq .Release.Name "kustomize" }} #Enable if EKS IAM for SA is used diff --git a/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-node.yaml b/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-node.yaml index 2e93f7271d..4722b2a95e 100644 --- a/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-node.yaml +++ b/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-node.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} {{- with .Values.serviceAccount.node.annotations }} - annotations: {{ toYaml . | nindent 4 }} + annotations: + {{- toYaml . | nindent 4 }} {{- end }} {{- end -}} diff --git a/charts/aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml b/charts/aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml index 19d27cb86f..9d2c68114b 100644 --- a/charts/aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml @@ -1,4 +1,3 @@ -{{- if .Values.enableVolumeSnapshot }} {{- if .Values.serviceAccount.snapshot.create }} --- apiVersion: v1 @@ -8,7 +7,7 @@ metadata: labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} {{- with .Values.serviceAccount.snapshot.annotations }} - annotations: {{ toYaml . | nindent 4 }} + annotations: + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} -{{- end }} diff --git a/charts/aws-ebs-csi-driver/templates/snapshot-controller.yaml b/charts/aws-ebs-csi-driver/templates/snapshot-controller.yaml index 0748684258..82ada8168b 100644 --- a/charts/aws-ebs-csi-driver/templates/snapshot-controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/snapshot-controller.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 metadata: name: ebs-snapshot-controller labels: - {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} spec: serviceName: ebs-snapshot-controller replicas: 1 @@ -23,40 +23,33 @@ spec: nodeSelector: kubernetes.io/os: linux {{- with .Values.nodeSelector }} -{{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | default "system-cluster-critical" }} {{- with .Values.affinity }} - affinity: {{ toYaml . | nindent 8 }} + affinity: + {{- toYaml . | nindent 8 }} {{- end }} tolerations: - {{- if .Values.tolerateAllTaints }} - - operator: Exists - {{- else }} - key: CriticalAddonsOnly operator: Exists - operator: Exists effect: NoExecute tolerationSeconds: 300 - {{- end }} {{- with .Values.tolerations }} -{{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - name: snapshot-controller image: {{ printf "%s:%s" .Values.snapshotController.repository .Values.snapshotController.tag }} {{- with .Values.resources }} - resources: {{ toYaml . | nindent 12 }} + resources: + {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.proxy.http_proxy }} env: -{{- if .Values.proxy.http_proxy }} - - name: HTTP_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: HTTPS_PROXY - value: {{ .Values.proxy.http_proxy | quote }} - - name: NO_PROXY - value: {{ .Values.proxy.no_proxy | quote }} -{{- end }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} args: - --v=5 - --leader-election=false @@ -66,4 +59,4 @@ spec: - name: {{ . }} {{- end }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/aws-ebs-csi-driver/templates/storageclass.yaml b/charts/aws-ebs-csi-driver/templates/storageclass.yaml index 3da90e3d9b..847f5e2165 100644 --- a/charts/aws-ebs-csi-driver/templates/storageclass.yaml +++ b/charts/aws-ebs-csi-driver/templates/storageclass.yaml @@ -4,11 +4,11 @@ kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: {{ .name }} - {{- if .annotations }} - annotations: {{- .annotations | toYaml | trim | nindent 4 }} + {{- with .annotations }} + annotations: {{- . | toYaml | trim | nindent 4 }} {{- end }} - {{- if .labels }} - labels: {{- .labels | toYaml | trim | nindent 4 }} + {{- with .labels }} + labels: {{- . | toYaml | trim | nindent 4 }} {{- end }} provisioner: ebs.csi.aws.com {{ omit (dict "volumeBindingMode" "WaitForFirstConsumer" | merge .) "name" "annotations" "labels" | toYaml }} diff --git a/charts/aws-ebs-csi-driver/values.yaml b/charts/aws-ebs-csi-driver/values.yaml index b21f7308d0..fbc30e46d1 100644 --- a/charts/aws-ebs-csi-driver/values.yaml +++ b/charts/aws-ebs-csi-driver/values.yaml @@ -2,8 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 2 - image: repository: k8s.gcr.io/provider-aws/aws-ebs-csi-driver tag: "v0.10.1" @@ -33,30 +31,75 @@ snapshotController: repository: k8s.gcr.io/sig-storage/snapshot-controller tag: "v3.0.3" -proxy: {} -# http_proxy: -# no_proxy: +proxy: + http_proxy: + no_proxy: imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -podAnnotations: {} - -# True if enable volume scheduling for dynamic volume provisioning -enableVolumeScheduling: true - -# True if enable volume resizing -enableVolumeResizing: false +nameOverride: +fullnameOverride: # True if enable volume snapshot enableVolumeSnapshot: false -# The "maximum number of attachable volumes" per node -volumeAttachLimit: "" +# Moving to values under controller +affinity: {} +enableVolumeScheduling: true +enableVolumeResizing: false +extraCreateMetadata: false +extraVolumeTags: {} +k8sTagClusterId: +nodeSelector: {} +podAnnotations: {} +priorityClassName: "system-cluster-critical" +region: +replicaCount: 2 +resources: {} +tolerations: [] +topologySpreadConstraints: [] -resources: - {} +controller: + affinity: {} + # True if enable volume scheduling for dynamic volume provisioning + enableVolumeScheduling: true + # True if enable volume resizing + enableVolumeResizing: false + env: + ebsPlugin: [] + provisioner: [] + attacher: [] + snapshotter: [] + resizer: [] + # If set, add pv/pvc metadata to plugin create requests as parameters. + extraCreateMetadata: false + # Will be removed in later version in favor of env.ebsPlugin + extraVars: {} + # Extra volume tags to attach to each dynamically provisioned volume. + # --- + # extraVolumeTags: + # key1: value1 + # key2: value2 + extraVolumeTags: {} + httpEndpoint: + # ID of the Kubernetes cluster used for tagging provisioned EBS volumes (optional). + k8sTagClusterId: + nodeSelector: {} + podAnnotations: {} + priorityClassName: + # AWS region to use. If not specified then the region will be looked up via the AWS EC2 metadata + # service. + # --- + # region: us-east-1 + region: + replicaCount: + resources: {} + containerResources: + ebsPlugin: {} + provisioner: {} + attacher: {} + snapshotter: {} + resizer: {} + liveness: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -67,58 +110,41 @@ resources: # requests: # cpu: 100m # memory: 128Mi - -priorityClassName: "" -nodeSelector: {} -tolerateAllTaints: false -tolerations: [] -affinity: {} - -# TSCs without the label selector stanza -# -# Example: -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: topology.kubernetes.io/zone -# whenUnsatisfiable: ScheduleAnyway -# - maxSkew: 1 -# topologyKey: kubernetes.io/hostname -# whenUnsatisfiable: ScheduleAnyway - -topologySpreadConstraints: [] - -# Extra volume tags to attach to each dynamically provisioned volume. -# --- -# extraVolumeTags: -# key1: value1 -# key2: value2 -extraVolumeTags: {} - -# If set, add pv/pvc metadata to plugin create requests as parameters. -extraCreateMetadata: false - -# ID of the Kubernetes cluster used for tagging provisioned EBS volumes (optional). -k8sTagClusterId: "" - -# AWS region to use. If not specified then the region will be looked up via the AWS EC2 metadata -# service. -# --- -# region: us-east-1 -region: "" - -# Additonal environment variables for the controller -controller: - httpEndpoint: "" - extraVars: {} + tolerations: [] + # TSCs without the label selector stanza + # + # Example: + # + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # - maxSkew: 1 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: ScheduleAnyway + topologySpreadConstraints: [] + + +# Moving to values under node +# The "maximum number of attachable volumes" per node +volumeAttachLimit: node: - priorityClassName: "" + env: + ebsPlugin: [] + nodeDriverRegistrar: [] + kubeletPath: /var/lib/kubelet + priorityClassName: nodeSelector: {} podAnnotations: {} tolerateAllTaints: false tolerations: [] resources: {} + containerResources: + ebsPlugin: {} + nodeDriverRegistrar: {} + liveness: {} + volumeAttachLimit: serviceAccount: controller: diff --git a/deploy/kubernetes/base/clusterrole-attacher.yaml b/deploy/kubernetes/base/clusterrole-attacher.yaml index eb8db8838d..be5e471bd8 100644 --- a/deploy/kubernetes/base/clusterrole-attacher.yaml +++ b/deploy/kubernetes/base/clusterrole-attacher.yaml @@ -7,18 +7,18 @@ metadata: labels: app.kubernetes.io/name: aws-ebs-csi-driver rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "nodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "csi.storage.k8s.io" ] + resources: [ "csinodeinfos" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "volumeattachments" ] + verbs: [ "get", "list", "watch", "update", "patch" ] - apiGroups: [ "storage.k8s.io" ] resources: [ "volumeattachments/status" ] verbs: [ "patch" ] diff --git a/deploy/kubernetes/base/clusterrole-snapshot-controller.yaml b/deploy/kubernetes/base/clusterrole-snapshot-controller.yaml new file mode 100644 index 0000000000..cff0fe0077 --- /dev/null +++ b/deploy/kubernetes/base/clusterrole-snapshot-controller.yaml @@ -0,0 +1,33 @@ +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver +rules: + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims" ] + verbs: [ "get", "list", "watch", "update" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots" ] + verbs: [ "get", "list", "watch", "update" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots/status" ] + verbs: [ "update" ] diff --git a/deploy/kubernetes/base/clusterrole-snapshotter.yaml b/deploy/kubernetes/base/clusterrole-snapshotter.yaml new file mode 100644 index 0000000000..846d6a9498 --- /dev/null +++ b/deploy/kubernetes/base/clusterrole-snapshotter.yaml @@ -0,0 +1,24 @@ +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver +rules: + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "secrets" ] + verbs: [ "get", "list" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents/status" ] + verbs: [ "update" ] diff --git a/deploy/kubernetes/base/clusterrolebinding-attacher.yaml b/deploy/kubernetes/base/clusterrolebinding-attacher.yaml index 5715d2651b..9a97b8efcb 100644 --- a/deploy/kubernetes/base/clusterrolebinding-attacher.yaml +++ b/deploy/kubernetes/base/clusterrolebinding-attacher.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: ebs-csi-controller-sa - namespace: default + namespace: kube-system roleRef: kind: ClusterRole name: ebs-external-attacher-role diff --git a/deploy/kubernetes/base/clusterrolebinding-provisioner.yaml b/deploy/kubernetes/base/clusterrolebinding-provisioner.yaml index 3544bc61e2..084bed9df9 100644 --- a/deploy/kubernetes/base/clusterrolebinding-provisioner.yaml +++ b/deploy/kubernetes/base/clusterrolebinding-provisioner.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: ebs-csi-controller-sa - namespace: default + namespace: kube-system roleRef: kind: ClusterRole name: ebs-external-provisioner-role diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrolebinding.yaml b/deploy/kubernetes/base/clusterrolebinding-snapshot-controller.yaml similarity index 94% rename from deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrolebinding.yaml rename to deploy/kubernetes/base/clusterrolebinding-snapshot-controller.yaml index 6d7cbec1b3..10c021c889 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrolebinding.yaml +++ b/deploy/kubernetes/base/clusterrolebinding-snapshot-controller.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: ebs-snapshot-controller - namespace: default + namespace: kube-system roleRef: kind: ClusterRole name: ebs-snapshot-controller-role diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrolebinding.yaml b/deploy/kubernetes/base/clusterrolebinding-snapshotter.yaml similarity index 93% rename from deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrolebinding.yaml rename to deploy/kubernetes/base/clusterrolebinding-snapshotter.yaml index 7946414d59..7720ca5d23 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrolebinding.yaml +++ b/deploy/kubernetes/base/clusterrolebinding-snapshotter.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: ebs-csi-controller-sa - namespace: default + namespace: kube-system roleRef: kind: ClusterRole name: ebs-external-snapshotter-role diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml index 60831574f4..7a1cfd327f 100644 --- a/deploy/kubernetes/base/controller.yaml +++ b/deploy/kubernetes/base/controller.yaml @@ -31,7 +31,7 @@ spec: tolerationSeconds: 300 containers: - name: ebs-plugin - image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:latest + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.10.1 imagePullPolicy: IfNotPresent args: # - {all,controller,node} # specify the driver mode @@ -77,7 +77,7 @@ spec: periodSeconds: 10 failureThreshold: 5 - name: csi-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2 + image: k8s.gcr.io/sig-storage/csi-provisioner:v2.1.1 args: - --csi-address=$(ADDRESS) - --v=5 @@ -91,7 +91,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-attacher - image: k8s.gcr.io/sig-storage/csi-attacher:v3.0.0 + image: k8s.gcr.io/sig-storage/csi-attacher:v3.1.0 args: - --csi-address=$(ADDRESS) - --v=5 @@ -102,6 +102,17 @@ spec: volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3 + args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ - name: liveness-probe image: k8s.gcr.io/sig-storage/livenessprobe:v2.2.0 args: diff --git a/deploy/kubernetes/base/kustomization.yaml b/deploy/kubernetes/base/kustomization.yaml index b56941c7be..f3e1325c03 100644 --- a/deploy/kubernetes/base/kustomization.yaml +++ b/deploy/kubernetes/base/kustomization.yaml @@ -4,10 +4,20 @@ namespace: kube-system resources: - clusterrole-attacher.yaml - clusterrole-provisioner.yaml +- clusterrole-snapshot-controller.yaml +- clusterrole-snapshotter.yaml - clusterrolebinding-attacher.yaml - clusterrolebinding-provisioner.yaml +- clusterrolebinding-snapshot-controller.yaml +- clusterrolebinding-snapshotter.yaml - controller.yaml - csidriver.yaml - node.yaml +- poddisruptionbudget-controller.yaml +- poddisruptionbudget-snapshot-controller.yaml +- role-snapshot-controller-leaderelection.yaml +- rolebinding-snapshot-controller-leaderelection.yaml - serviceaccount-csi-controller.yaml - serviceaccount-csi-node.yaml +- serviceaccount-snapshot-controller.yaml +- snapshot_controller.yaml diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml index 8da2011b11..d923e67f96 100644 --- a/deploy/kubernetes/base/node.yaml +++ b/deploy/kubernetes/base/node.yaml @@ -31,7 +31,7 @@ spec: kubernetes.io/os: linux hostNetwork: true serviceAccountName: ebs-csi-node-sa - priorityClassName: system-cluster-critical + priorityClassName: system-node-critical tolerations: - key: CriticalAddonsOnly operator: Exists @@ -42,7 +42,7 @@ spec: - name: ebs-plugin securityContext: privileged: true - image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:latest + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.10.1 args: - node - --endpoint=$(CSI_ENDPOINT) @@ -72,7 +72,7 @@ spec: periodSeconds: 10 failureThreshold: 5 - name: node-driver-registrar - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) diff --git a/deploy/kubernetes/base/poddisruptionbudget-controller.yaml b/deploy/kubernetes/base/poddisruptionbudget-controller.yaml new file mode 100644 index 0000000000..80c834f8ab --- /dev/null +++ b/deploy/kubernetes/base/poddisruptionbudget-controller.yaml @@ -0,0 +1,14 @@ +--- +# Source: aws-ebs-csi-driver/templates/poddisruptionbudget-controller.yaml +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: ebs-csi-controller + labels: + app.kubernetes.io/name: aws-ebs-csi-driver +spec: + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + maxUnavailable: 1 diff --git a/deploy/kubernetes/base/poddisruptionbudget-snapshot-controller.yaml b/deploy/kubernetes/base/poddisruptionbudget-snapshot-controller.yaml new file mode 100644 index 0000000000..cee8749077 --- /dev/null +++ b/deploy/kubernetes/base/poddisruptionbudget-snapshot-controller.yaml @@ -0,0 +1,14 @@ +--- +# Source: aws-ebs-csi-driver/templates/poddisruptionbudget-snapshot-controller.yaml +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: ebs-snapshot-controller + labels: + app.kubernetes.io/name: aws-ebs-csi-driver +spec: + selector: + matchLabels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + maxUnavailable: 1 diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_role.yaml b/deploy/kubernetes/base/role-snapshot-controller-leaderelection.yaml similarity index 65% rename from deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_role.yaml rename to deploy/kubernetes/base/role-snapshot-controller-leaderelection.yaml index f050de3bc5..3ee9f032ec 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_role.yaml +++ b/deploy/kubernetes/base/role-snapshot-controller-leaderelection.yaml @@ -7,6 +7,6 @@ metadata: labels: app.kubernetes.io/name: aws-ebs-csi-driver rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [ "coordination.k8s.io" ] + resources: [ "leases" ] + verbs: [ "get", "watch", "list", "delete", "update", "create" ] diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_rolebinding.yaml b/deploy/kubernetes/base/rolebinding-snapshot-controller-leaderelection.yaml similarity index 94% rename from deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_rolebinding.yaml rename to deploy/kubernetes/base/rolebinding-snapshot-controller-leaderelection.yaml index fd9ab78b4b..9d66443b9a 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_leaderelection_rolebinding.yaml +++ b/deploy/kubernetes/base/rolebinding-snapshot-controller-leaderelection.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: ebs-snapshot-controller - namespace: default + namespace: kube-system roleRef: kind: Role name: ebs-snapshot-controller-leaderelection diff --git a/deploy/kubernetes/overlays/alpha/serviceaccount-snapshot-controller.yaml b/deploy/kubernetes/base/serviceaccount-snapshot-controller.yaml similarity index 100% rename from deploy/kubernetes/overlays/alpha/serviceaccount-snapshot-controller.yaml rename to deploy/kubernetes/base/serviceaccount-snapshot-controller.yaml diff --git a/deploy/kubernetes/overlays/alpha/snapshot_controller.yaml b/deploy/kubernetes/base/snapshot_controller.yaml similarity index 98% rename from deploy/kubernetes/overlays/alpha/snapshot_controller.yaml rename to deploy/kubernetes/base/snapshot_controller.yaml index 66da199968..32af1e8845 100644 --- a/deploy/kubernetes/overlays/alpha/snapshot_controller.yaml +++ b/deploy/kubernetes/base/snapshot_controller.yaml @@ -33,7 +33,6 @@ spec: containers: - name: snapshot-controller image: k8s.gcr.io/sig-storage/snapshot-controller:v3.0.3 - env: args: - --v=5 - --leader-election=false diff --git a/deploy/kubernetes/overlays/alpha/clusterrole-resizer.yaml b/deploy/kubernetes/overlays/alpha/clusterrole-resizer.yaml new file mode 100644 index 0000000000..539a1f08f8 --- /dev/null +++ b/deploy/kubernetes/overlays/alpha/clusterrole-resizer.yaml @@ -0,0 +1,32 @@ +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims/status" ] + verbs: [ "update", "patch" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "pods" ] + verbs: [ "get", "list", "watch" ] diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrolebinding.yaml b/deploy/kubernetes/overlays/alpha/clusterrolebinding-resizer.yaml similarity index 93% rename from deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrolebinding.yaml rename to deploy/kubernetes/overlays/alpha/clusterrolebinding-resizer.yaml index c80a9a26bf..a840f51b83 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrolebinding.yaml +++ b/deploy/kubernetes/overlays/alpha/clusterrolebinding-resizer.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: ebs-csi-controller-sa - namespace: default + namespace: kube-system roleRef: kind: ClusterRole name: ebs-external-resizer-role diff --git a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml deleted file mode 100644 index 11af8a6491..0000000000 --- a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml +++ /dev/null @@ -1,20 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: ebs-csi-controller - namespace: kube-system -spec: - template: - spec: - containers: - - name: csi-snapshotter - image: k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3 - args: - - --csi-address=$(ADDRESS) - - --leader-election=true - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ diff --git a/deploy/kubernetes/overlays/alpha/kustomization.yaml b/deploy/kubernetes/overlays/alpha/kustomization.yaml index 8bdc46339d..1a8df07d56 100644 --- a/deploy/kubernetes/overlays/alpha/kustomization.yaml +++ b/deploy/kubernetes/overlays/alpha/kustomization.yaml @@ -3,16 +3,7 @@ kind: Kustomization bases: - ../../base patchesStrategicMerge: -- controller_add_snapshotter.yaml - controller_add_resizer.yaml resources: -- rbac_add_resizer_clusterrole.yaml -- rbac_add_resizer_clusterrolebinding.yaml -- rbac_add_snapshot_controller_clusterrole.yaml -- rbac_add_snapshot_controller_clusterrolebinding.yaml -- rbac_add_snapshot_controller_leaderelection_role.yaml -- rbac_add_snapshot_controller_leaderelection_rolebinding.yaml -- rbac_add_snapshotter_clusterrole.yaml -- rbac_add_snapshotter_clusterrolebinding.yaml -- serviceaccount-snapshot-controller.yaml -- snapshot_controller.yaml +- clusterrole-resizer.yaml +- clusterrolebinding-resizer.yaml diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrole.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrole.yaml deleted file mode 100644 index a782d7a8e6..0000000000 --- a/deploy/kubernetes/overlays/alpha/rbac_add_resizer_clusterrole.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-external-resizer-role - labels: - app.kubernetes.io/name: aws-ebs-csi-driver -rules: - # The following rule should be uncommented for plugins that require secrets - # for provisioning. - # - apiGroups: [""] - # resources: ["secrets"] - # verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrole.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrole.yaml deleted file mode 100644 index 48428cb673..0000000000 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller_clusterrole.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-snapshot-controller-role - labels: - app.kubernetes.io/name: aws-ebs-csi-driver -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrole.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrole.yaml deleted file mode 100644 index 1cad85eb27..0000000000 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter_clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-external-snapshotter-role - labels: - app.kubernetes.io/name: aws-ebs-csi-driver -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] diff --git a/deploy/kubernetes/values/controller.yaml b/deploy/kubernetes/values/controller.yaml index 5748b62efd..77a99d9230 100644 --- a/deploy/kubernetes/values/controller.yaml +++ b/deploy/kubernetes/values/controller.yaml @@ -1,4 +1 @@ -image: - tag: latest - enableVolumeScheduling: true diff --git a/docs/README.md b/docs/README.md index 160b7af02d..497c0dd9bf 100644 --- a/docs/README.md +++ b/docs/README.md @@ -139,7 +139,7 @@ If your cluster is v1.14+, you can skip this step. Install the `CSINodeInfo` CRD kubectl create -f https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csinodeinfo.yaml ``` #### Config node toleration settings -By default, driver tolerates taint `CriticalAddonsOnly` and has `tolerationSeconds` configured as `300`, to deploy the driver on any nodes, please set helm `Value.node.tolerateAllTaints` and `Value.tolerateAllTaints` to true before deployment +By default, driver tolerates taint `CriticalAddonsOnly` and has `tolerationSeconds` configured as `300`, to deploy the driver on any nodes, please set helm `Value.node.tolerateAllTaints` to true before deployment #### Deploy driver Please see the compatibility matrix above before you deploy the driver @@ -173,7 +173,6 @@ helm upgrade --install aws-ebs-csi-driver \ --namespace kube-system \ --set enableVolumeScheduling=true \ --set enableVolumeResizing=true \ - --set enableVolumeSnapshot=true \ aws-ebs-csi-driver/aws-ebs-csi-driver ``` diff --git a/hack/values.yaml b/hack/values.yaml index b504ae4d0b..0ceccbc7d5 100644 --- a/hack/values.yaml +++ b/hack/values.yaml @@ -1,3 +1,2 @@ enableVolumeScheduling: true enableVolumeResizing: true -enableVolumeSnapshot: true