diff --git a/Makefile b/Makefile index 02d111a9d..0cf3eb6c3 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ GIT_COMMIT ?= $(shell git rev-parse HEAD) REGISTRY ?= andyzhangx REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g") IMAGE_NAME ?= blob-csi -IMAGE_VERSION ?= v0.7.0 +IMAGE_VERSION ?= v0.7.1 # Use a custom version for E2E tests if we are in Prow ifdef CI ifndef PUBLISH diff --git a/README.md b/README.md index f63d6f022..fa67ba2c2 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Since `v0.7.0`, driver name changed from `blobfuse.csi.azure.com` to `blob.csi.a |Azure Blob Storage CSI driver Version | Image | 1.14+ | |-----------------------------------------|----------------------------------------------|--------| |master branch |mcr.microsoft.com/k8s/csi/blob-csi:latest | yes | -|v0.7.0 |mcr.microsoft.com/k8s/csi/blob-csi:v0.7.0 | yes | +|v0.7.1 |mcr.microsoft.com/k8s/csi/blob-csi:v0.7.1 | yes | ### Driver parameters Please refer to `blob.csi.azure.com` [driver parameters](./docs/driver-parameters.md) diff --git a/charts/README.md b/charts/README.md index 0b13b230b..f86765964 100644 --- a/charts/README.md +++ b/charts/README.md @@ -31,7 +31,7 @@ $ helm search repo -l blob-csi-driver/ ### Install a specific version of Helm chart Specify the version of the chart to be installed using the `--version` parameter. ```console -helm install blob-csi-driver blob-csi-driver/blob-csi-driver --namespace kube-system --version v0.7.0 +helm install blob-csi-driver blob-csi-driver/blob-csi-driver --namespace kube-system --version v0.7.1 ``` ## Uninstall diff --git a/charts/index.yaml b/charts/index.yaml index ab6031d28..53eca8918 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -2,36 +2,26 @@ apiVersion: v1 entries: blob-csi-driver: - apiVersion: v1 - appVersion: v0.7.0 - created: "2020-08-14T02:58:30.518545111Z" - description: Azure Blob Storage CSI driver - digest: 6d758b8e4a480a8d006f7e73c51d32ea0b568b8ba1364d4ac33549e3bedfc9a7 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v0.7.0/blob-csi-driver-v0.7.0.tgz - version: v0.7.0 - - apiVersion: v1 - appVersion: latest - created: "2020-08-14T02:58:30.518080406Z" + appVersion: v0.7.1 + created: "2020-12-30T02:50:05.304217196Z" description: Azure Blob Storage CSI driver - digest: a85285af0500bfb2160f910863db8174f9e7399f845d784ff99dda7812accfdf + digest: d6ac5c1ee779f84f8051040f08e81987ebc9e2f6893ab18789a3e7a55a847088 name: blob-csi-driver urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v0.7.0/blob-csi-driver-latest.tgz - version: latest + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v0.7.1/blob-csi-driver-v0.7.1.tgz + version: v0.7.1 - apiVersion: v1 - appVersion: latest - created: "2020-08-14T02:58:30.515604779Z" + appVersion: v0.7.0 + created: "2020-12-30T02:50:05.303304489Z" description: Azure Blob Storage CSI driver - digest: a85285af0500bfb2160f910863db8174f9e7399f845d784ff99dda7812accfdf + digest: 6d758b8e4a480a8d006f7e73c51d32ea0b568b8ba1364d4ac33549e3bedfc9a7 name: blob-csi-driver urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/latest/blob-csi-driver-latest.tgz - version: latest - blobfuse-csi-driver: + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v0.7.0/blob-csi-driver-v0.7.0.tgz + version: v0.7.0 - apiVersion: v1 appVersion: v0.6.0 - created: "2020-08-14T02:58:30.5175966Z" + created: "2020-12-30T02:50:05.301516574Z" description: BlobFuse Container Storage Interface (CSI) Storage Plugin digest: 2bea484bc1e87097b048ab2e1615683b8b7db614059fb624a0a2b18ad0920926 name: blobfuse-csi-driver @@ -40,7 +30,7 @@ entries: version: v0.6.0 - apiVersion: v1 appVersion: v0.5.0 - created: "2020-08-14T02:58:30.517063195Z" + created: "2020-12-30T02:50:05.29974996Z" description: BlobFuse Container Storage Interface (CSI) Storage Plugin digest: 11441a6025c319e97c0605f520c4be063eadc482670655bb6ecc4426bee2d49c name: blobfuse-csi-driver @@ -49,11 +39,11 @@ entries: version: v0.5.0 - apiVersion: v1 appVersion: v0.4.0 - created: "2020-08-14T02:58:30.516061584Z" + created: "2020-12-30T02:50:05.298649052Z" description: BlobFuse Container Storage Interface (CSI) Storage Plugin digest: 263e474a08598f1c7f518c1efed43eb23d9f12b146b3c47deda77aa99c0ca385 name: blobfuse-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v0.4.0/blobfuse-csi-driver-v0.4.0.tgz version: v0.4.0 -generated: "2020-08-14T02:58:30.51392056Z" +generated: "2020-12-30T02:50:05.294857721Z" diff --git a/charts/v0.7.1/blob-csi-driver-v0.7.1.tgz b/charts/v0.7.1/blob-csi-driver-v0.7.1.tgz new file mode 100644 index 000000000..dcdd91bbd Binary files /dev/null and b/charts/v0.7.1/blob-csi-driver-v0.7.1.tgz differ diff --git a/charts/v0.7.1/blob-csi-driver/Chart.yaml b/charts/v0.7.1/blob-csi-driver/Chart.yaml new file mode 100644 index 000000000..44df5303a --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: v0.7.1 +description: Azure Blob Storage CSI driver +name: blob-csi-driver +version: v0.7.1 diff --git a/charts/v0.7.1/blob-csi-driver/templates/NOTES.txt b/charts/v0.7.1/blob-csi-driver/templates/NOTES.txt new file mode 100644 index 000000000..9ad135dd4 --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/NOTES.txt @@ -0,0 +1,5 @@ +The Azure Blob Storage CSI driver is getting deployed to your cluster. + +To check Azure Blob Storage CSI driver pods status, please run: + + kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v0.7.1/blob-csi-driver/templates/_helpers.tpl b/charts/v0.7.1/blob-csi-driver/templates/_helpers.tpl new file mode 100644 index 000000000..5d5b3c704 --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/_helpers.tpl @@ -0,0 +1,11 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* labels for helm resources */}} +{{- define "blob.labels" -}} +labels: + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + revision: "{{ .Release.Revision }}" + chart: "{{ .Chart.Name }}" + chartVersion: "{{ .Chart.Version }}" +{{- end -}} diff --git a/charts/v0.7.1/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v0.7.1/blob-csi-driver/templates/csi-blob-controller.yaml new file mode 100644 index 000000000..c5ca16d1c --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/csi-blob-controller.yaml @@ -0,0 +1,142 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-blob-controller + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + app: csi-blob-controller + template: + metadata: +{{ include "blob.labels" . | indent 6 }} + app: csi-blob-controller + spec: + hostNetwork: true + serviceAccountName: csi-blob-controller-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "true" + effect: "NoSchedule" + containers: + - name: csi-provisioner + image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} + args: + - "-v=5" + - "--csi-address=$(ADDRESS)" + - "--enable-leader-election" + - "--leader-election-type=leases" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: csi-attacher + image: "{{ .Values.image.csiAttacher.repository }}:{{ .Values.image.csiAttacher.tag }}" + args: + - "-v=5" + - "-csi-address=$(ADDRESS)" + - "-timeout=120s" + - "-leader-election" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiAttacher.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: liveness-probe + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" + args: + - --csi-address=/csi/csi.sock + - --connection-timeout=3s + - --health-port=29632 + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: blob + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + ports: + - containerPort: 29632 + name: healthz + protocol: TCP + - containerPort: 29634 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /var/lib/waagent/ManagedIdentity-Settings + readOnly: true + name: msi + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - name: socket-dir + emptyDir: {} + - name: azure-cred + hostPath: + path: /etc/kubernetes/ + type: Directory + - name: msi + hostPath: + path: /var/lib/waagent/ManagedIdentity-Settings +--- diff --git a/charts/v0.7.1/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v0.7.1/blob-csi-driver/templates/csi-blob-driver.yaml new file mode 100644 index 000000000..8162afbfb --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/csi-blob-driver.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: blob.csi.azure.com +spec: + attachRequired: false + podInfoOnMount: true diff --git a/charts/v0.7.1/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v0.7.1/blob-csi-driver/templates/csi-blob-node.yaml new file mode 100644 index 000000000..fb3a1c19f --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/csi-blob-node.yaml @@ -0,0 +1,150 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-blob-node + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +spec: + selector: + matchLabels: + app: csi-blob-node + template: + metadata: +{{ include "blob.labels" . | indent 6 }} + app: csi-blob-node + spec: + hostNetwork: true + serviceAccountName: csi-blob-node-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + tolerations: + - operator: "Exists" + containers: + - name: liveness-probe + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" + args: + - --csi-address=/csi/csi.sock + - --connection-timeout=3s + - --health-port=29633 + - --v=5 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: node-driver-registrar + image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: blob + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" + ports: + - containerPort: 29633 + name: healthz + protocol: TCP + - containerPort: {{ .Values.node.metricsPort }} + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/ + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /var/lib/waagent/ManagedIdentity-Settings + readOnly: true + name: msi + - mountPath: /mnt + name: blob-cache + resources: + limits: + cpu: 800m + memory: 800Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/blob.csi.azure.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/ + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /etc/kubernetes/ + type: Directory + name: azure-cred + - hostPath: + path: /var/lib/waagent/ManagedIdentity-Settings + name: msi + - hostPath: + path: /mnt + name: blob-cache diff --git a/charts/v0.7.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v0.7.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml new file mode 100644 index 000000000..866679692 --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml @@ -0,0 +1,169 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-provisioner-role +{{ include "blob.labels" . | indent 2 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-provisioner-binding + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: blob-external-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-attacher-role +{{ include "blob.labels" . | indent 2 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-attacher-binding + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: blob-external-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-snapshotter-role +{{ include "blob.labels" . | indent 2 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-snapshotter-binding + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: blob-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: csi-blob-controller-secret-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-controller-secret-binding + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-blob-controller-secret-role + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/v0.7.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v0.7.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml new file mode 100644 index 000000000..49d0f4e4d --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml @@ -0,0 +1,27 @@ +{{- if .Values.rbac.create -}} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: csi-blob-node-secret-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-node-secret-binding + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: csi-blob-node-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-blob-node-secret-role + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/v0.7.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v0.7.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml new file mode 100644 index 000000000..33266b1c3 --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml @@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-blob-controller-sa + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +{{- end -}} diff --git a/charts/v0.7.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v0.7.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml new file mode 100644 index 000000000..4ca48c523 --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml @@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-blob-node-sa + namespace: {{ .Release.Namespace }} +{{ include "blob.labels" . | indent 2 }} +{{- end -}} diff --git a/charts/v0.7.1/blob-csi-driver/values.yaml b/charts/v0.7.1/blob-csi-driver/values.yaml new file mode 100644 index 000000000..d293e6a98 --- /dev/null +++ b/charts/v0.7.1/blob-csi-driver/values.yaml @@ -0,0 +1,33 @@ +image: + blob: + repository: mcr.microsoft.com/k8s/csi/blob-csi + tag: v0.7.1 + pullPolicy: IfNotPresent + csiProvisioner: + repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner + tag: v1.4.0 + pullPolicy: IfNotPresent + csiAttacher: + repository: mcr.microsoft.com/oss/kubernetes-csi/csi-attacher + tag: v2.2.0 + pullPolicy: IfNotPresent + livenessProbe: + repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe + tag: v1.1.0 + pullPolicy: IfNotPresent + nodeDriverRegistrar: + repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar + tag: v1.2.0 + pullPolicy: IfNotPresent + +serviceAccount: + create: true + +rbac: + create: true + +controller: + replicas: 2 + +node: + metricsPort: 29625 diff --git a/deploy/v0.7.1/csi-blob-controller.yaml b/deploy/v0.7.1/csi-blob-controller.yaml new file mode 100644 index 000000000..76b4657ab --- /dev/null +++ b/deploy/v0.7.1/csi-blob-controller.yaml @@ -0,0 +1,138 @@ +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-blob-controller + namespace: kube-system +spec: + replicas: 2 + selector: + matchLabels: + app: csi-blob-controller + template: + metadata: + labels: + app: csi-blob-controller + spec: + hostNetwork: true + serviceAccountName: csi-blob-controller-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "true" + effect: "NoSchedule" + containers: + - name: csi-provisioner + image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v1.4.0 + args: + - "-v=5" + - "--csi-address=$(ADDRESS)" + - "--enable-leader-election" + - "--leader-election-type=leases" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: csi-attacher + image: mcr.microsoft.com/oss/kubernetes-csi/csi-attacher:v2.2.0 + args: + - "-v=5" + - "-csi-address=$(ADDRESS)" + - "-timeout=120s" + - "-leader-election" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: liveness-probe + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + - --connection-timeout=3s + - --health-port=29632 + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: blob + image: mcr.microsoft.com/k8s/csi/blob-csi:v0.7.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + ports: + - containerPort: 29632 + name: healthz + protocol: TCP + - containerPort: 29634 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /var/lib/waagent/ManagedIdentity-Settings + readOnly: true + name: msi + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - name: socket-dir + emptyDir: {} + - name: azure-cred + hostPath: + path: /etc/kubernetes/ + type: Directory + - name: msi + hostPath: + path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v0.7.1/csi-blob-driver.yaml b/deploy/v0.7.1/csi-blob-driver.yaml new file mode 100644 index 000000000..8162afbfb --- /dev/null +++ b/deploy/v0.7.1/csi-blob-driver.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: blob.csi.azure.com +spec: + attachRequired: false + podInfoOnMount: true diff --git a/deploy/v0.7.1/csi-blob-node.yaml b/deploy/v0.7.1/csi-blob-node.yaml new file mode 100644 index 000000000..fde00711c --- /dev/null +++ b/deploy/v0.7.1/csi-blob-node.yaml @@ -0,0 +1,150 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-blob-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-blob-node + template: + metadata: + labels: + app: csi-blob-node + spec: + hostNetwork: true + serviceAccountName: csi-blob-node-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + tolerations: + - operator: "Exists" + containers: + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + - --connection-timeout=3s + - --health-port=29633 + - --v=5 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: node-driver-registrar + image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v1.2.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: blob + image: mcr.microsoft.com/k8s/csi/blob-csi:v0.7.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--metrics-address=0.0.0.0:29635" + ports: + - containerPort: 29633 + name: healthz + protocol: TCP + - containerPort: 29635 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/ + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /var/lib/waagent/ManagedIdentity-Settings + readOnly: true + name: msi + - mountPath: /mnt + name: blob-cache + resources: + limits: + cpu: 800m + memory: 800Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/blob.csi.azure.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/ + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /etc/kubernetes/ + type: Directory + name: azure-cred + - hostPath: + path: /var/lib/waagent/ManagedIdentity-Settings + name: msi + - hostPath: + path: /mnt + name: blob-cache +--- diff --git a/deploy/v0.7.1/rbac-csi-blob-controller.yaml b/deploy/v0.7.1/rbac-csi-blob-controller.yaml new file mode 100644 index 000000000..8adb5801d --- /dev/null +++ b/deploy/v0.7.1/rbac-csi-blob-controller.yaml @@ -0,0 +1,165 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-blob-controller-sa + namespace: kube-system +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: blob-external-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: blob-external-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: blob-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-controller-secret-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-controller-secret-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-blob-controller-secret-role + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v0.7.1/rbac-csi-blob-node.yaml b/deploy/v0.7.1/rbac-csi-blob-node.yaml new file mode 100644 index 000000000..31de8c59b --- /dev/null +++ b/deploy/v0.7.1/rbac-csi-blob-node.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-blob-node-sa + namespace: kube-system + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-node-secret-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-node-secret-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-blob-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-blob-node-secret-role + apiGroup: rbac.authorization.k8s.io diff --git a/docs/install-blob-csi-driver.md b/docs/install-blob-csi-driver.md index bb0cd5348..3cc8fe51b 100644 --- a/docs/install-blob-csi-driver.md +++ b/docs/install-blob-csi-driver.md @@ -1,4 +1,4 @@ ## Install Azure Blob Storage CSI driver on a Kubernetes cluster - [install CSI driver master version](./install-csi-driver-master.md) - - [install v0.7.0 CSI driver](./install-csi-driver-v0.7.0.md) + - [install v0.7.1 CSI driver](./install-csi-driver-v0.7.1.md) diff --git a/docs/install-csi-driver-v0.7.1.md b/docs/install-csi-driver-v0.7.1.md new file mode 100644 index 000000000..d2e0a19ab --- /dev/null +++ b/docs/install-csi-driver-v0.7.1.md @@ -0,0 +1,37 @@ +# Install Azure Blob Storage CSI driver v0.7.1 version on a kubernetes cluster + +If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). + +## Install with kubectl + - remote install +```console +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v0.7.1/deploy/install-driver.sh | bash -s v0.7.1 -- +``` + + - local install +```console +git clone https://github.com/kubernetes-sigs/blob-csi-driver.git +cd blob-csi-driver +./deploy/install-driver.sh v0.7.1 local +``` + +- check pods status: +```console +kubectl -n kube-system get pod -o wide -l app=csi-blob-controller +kubectl -n kube-system get pod -o wide -l app=csi-blob-node +``` + +example output: + +```console +NAME READY STATUS RESTARTS AGE IP NODE +csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 +csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 +csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 +csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 +``` + +- clean up Azure Blob Storage CSI driver +```console +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v0.7.1/deploy/uninstall-driver.sh | bash -s v0.7.1 -- +```