kubermatic · mate4st · Dec 5, 2022 · Dec 5, 2022 · Dec 6, 2022 · Dec 6, 2022
diff --git a/addons/csi/vsphere/snapshot-webhook.yaml → ...phere/csi-snapshot-validatingwebhook.yaml b/addons/csi/vsphere/snapshot-webhook.yaml → ...phere/csi-snapshot-validatingwebhook.yaml
@@ -13,9 +13,10 @@
 # limitations under the License.
 
 # Sourced from:
-# - https://raw.githubusercontent.com/kubernetes-sigs/vsphere-csi-driver/release-2.5/manifests/vanilla/csi-snapshot-validatingwebhook.yaml
+# - https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/v2.7.0/manifests/vanilla/csi-snapshot-validatingwebhook.yaml
 # Modifications:
 #   - template function to replace base registry
+#   - change image domain to registry.k8s.io
 #   - remove ValidatingWebhookConfiguration (handled in code)
 #   - change webhook-certs secret name
 #   - add seccomp profile
@@ -24,7 +25,6 @@
 {{ if .Cluster.Features.Has "externalCloudProvider" }}
 {{ if eq .Cluster.CloudProviderName "vsphere" }}
 
-# Requires k8s 1.20+
 ---
 apiVersion: v1
 kind: Service
@@ -61,7 +61,7 @@ spec:
           type: RuntimeDefault
       containers:
         - name: snapshot-validation
-          image: {{ Image "registry.k8s.io/sig-storage/snapshot-validation-webhook:v5.0.1" }} # change the image if you wish to use your own custom validation server image
+          image: {{ Image "registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.0.1" }} # change the image if you wish to use your own custom validation server image
           imagePullPolicy: IfNotPresent
           args: ['--tls-cert-file=/run/secrets/tls/cert.pem', '--tls-private-key-file=/run/secrets/tls/key.pem']
           ports:
@@ -74,6 +74,5 @@ spec:
         - name: webhook-certs
           secret:
             secretName: csi-snapshot-webhook-certs
-
 {{ end }}
 {{ end }}
diff --git a/addons/csi/vsphere/namespace.yaml b/addons/csi/vsphere/namespace.yaml
@@ -0,0 +1,24 @@
+# Copyright 2022 The Kubermatic Kubernetes Platform contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ if .Cluster.Features.Has "externalCloudProvider" }}
+{{ if eq .Cluster.CloudProviderName "vsphere" }}
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vmware-system-csi
+
+{{ end }}
+{{ end }}
diff --git a/addons/csi/vsphere/snapshot-controller.yaml → ...csi/vsphere/rbac-snapshot-controller.yaml b/addons/csi/vsphere/snapshot-controller.yaml → ...csi/vsphere/rbac-snapshot-controller.yaml
@@ -13,22 +13,18 @@
 # limitations under the License.
 
 # Sourced from:
-# - https://github.com/kubernetes-csi/external-snapshotter/blob/release-5.0/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
-# - https://github.com/kubernetes-csi/external-snapshotter/blob/release-5.0/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
-# Modifications:
-#   - Set image tag to 5.0.1 to match the release version
-#   - template function to replace base registry
-#   - add seccomp profile
+# - https://github.com/kubernetes-csi/external-snapshotter/blob/v6.0.1/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
 
-{{ if .Cluster.Features.Has "externalCloudProvider" }}
-{{ if eq .Cluster.CloudProviderName "vsphere" }}
 # RBAC file for the snapshot controller.
 #
 # The snapshot controller implements the control loop for CSI snapshot functionality.
 # It should be installed as part of the base Kubernetes distribution in an appropriate
 # namespace for components implementing base system functionality. For installing with
 # Vanilla Kubernetes, kube-system makes sense for the namespace.
 
+{{ if .Cluster.Features.Has "externalCloudProvider" }}
+{{ if eq .Cluster.CloudProviderName "vsphere" }}
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -47,9 +43,6 @@ rules:
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
     verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["list", "watch", "create", "update", "patch"]
@@ -72,7 +65,6 @@ rules:
   # - apiGroups: [""]
   #   resources: ["nodes"]
   #   verbs: ["get", "list", "watch"]
-
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -111,51 +103,5 @@ roleRef:
   kind: Role
   name: snapshot-controller-leaderelection
   apiGroup: rbac.authorization.k8s.io
----
-
-# This YAML file shows how to deploy the snapshot controller
-
-# The snapshot controller implements the control loop for CSI snapshot functionality.
-# It should be installed as part of the base Kubernetes distribution in an appropriate
-# namespace for components implementing base system functionality. For installing with
-# Vanilla Kubernetes, kube-system makes sense for the namespace.
-
----
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: snapshot-controller
-  namespace: kube-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: snapshot-controller
-  # the snapshot controller won't be marked as ready if the v1 CRDs are unavailable
-  # in #504 the snapshot-controller will exit after around 7.5 seconds if it
-  # can't find the v1 CRDs so this value should be greater than that
-  minReadySeconds: 15
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: snapshot-controller
-    spec:
-      serviceAccount: snapshot-controller
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      containers:
-        - name: snapshot-controller
-          image: {{ Image "registry.k8s.io/sig-storage/snapshot-controller:v5.0.1" }}
-          args:
-            - "--v=5"
-            - "--leader-election=true"
-          imagePullPolicy: IfNotPresent
-
 {{ end }}
 {{ end }}
diff --git a/addons/csi/vsphere/setup-snapshot-controller.yaml b/addons/csi/vsphere/setup-snapshot-controller.yaml
@@ -0,0 +1,73 @@
+# Copyright 2022 The Kubermatic Kubernetes Platform contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Sourced from:
+# - https://github.com/kubernetes-csi/external-snapshotter/blob/v6.0.1/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
+# Modifications:
+#   - Set image tag to 6.0.1 to match the release version
+#   - change image domain to registry.k8s.io
+#   - template function to replace base registry
+#   - add seccomp profile
+#   - add --kube-api-qps=100 argument
+#   - add --kube-api-burst=100 argument
+
+
+# The snapshot controller implements the control loop for CSI snapshot functionality.
+# It should be installed as part of the base Kubernetes distribution in an appropriate
+# namespace for components implementing base system functionality. For installing with
+# Vanilla Kubernetes, kube-system makes sense for the namespace.
+
+{{ if .Cluster.Features.Has "externalCloudProvider" }}
+{{ if eq .Cluster.CloudProviderName "vsphere" }}
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: snapshot-controller
+  namespace: kube-system
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: snapshot-controller
+  # the snapshot controller won't be marked as ready if the v1 CRDs are unavailable
+  # in #504 the snapshot-controller will exit after around 7.5 seconds if it
+  # can't find the v1 CRDs so this value should be greater than that
+  minReadySeconds: 15
+  strategy:
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: snapshot-controller
+    spec:
+      serviceAccountName: snapshot-controller
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: snapshot-controller
+          image: {{ Image "registry.k8s.io/sig-storage/snapshot-controller:v6.0.1" }}
+          args:
+            - "--v=5"
+            - "--leader-election=true"
+            - "--kube-api-qps=100"
+            - "--kube-api-burst=100"
+          imagePullPolicy: IfNotPresent
+{{ end }}
+{{ end }}