Converting controller server statefulset to deployment (#134)

* Converting controller server statefulset to deployment * Ignore CVE * Addressing comments * Removing duplicate ignore CVEs
kubernetes-sigs · Jun 14, 2023 · b494df1 · b494df1
1 parent e98d15a
commit b494df1
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/.nancy-ignore b/.nancy-ignore
@@ -1,4 +1,4 @@
 CVE-2020-8561 ## CWE-610: Externally Controlled Reference to a Resource in Another Sphere 
-CVE-2021-25740 ## CWE-610: Externally Controlled Reference to a Resource in Another Sphere 
+CVE-2021-25740 ## CWE-610: Externally Controlled Reference to a Resource in Another Sphere
 sonatype-2022-6522 ## 1 non-CVE vuln [pkg:golang/k8s.io/apiserver@v0.26.3]
 CVE-2021-25749 ## Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.Fix not available in community till now.
diff --git a/deploy/kubernetes/driver/kubernetes/manifests/controller-server.yaml b/deploy/kubernetes/driver/kubernetes/manifests/controller-server.yaml
@@ -1,25 +1,27 @@
-kind: StatefulSet
+kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: ibm-vpc-block-csi-controller
   namespace: kube-system
   labels:
-    app: ibm-vpc-block-csi-driver
+    app: ibm-vpc-block-csi-controller
     addonmanager.kubernetes.io/mode: Reconcile
+    app.kubernetes.io/name: ibm-vpc-block-csi-driver
 spec:
-  serviceName: "ibm-vpc-block-service"
   replicas: 1
   selector:
     matchLabels:
-      app: ibm-vpc-block-csi-driver
+      app: ibm-vpc-block-csi-controller
+      app.kubernetes.io/name: ibm-vpc-block-csi-driver
   template:
     metadata:
       annotations:
         prometheus.io/scrape: "true"
         prometheus.io/port: "9080"
         prometheus.io/path: "/metrics"
       labels:
-        app: ibm-vpc-block-csi-driver
+        app: ibm-vpc-block-csi-controller
+        app.kubernetes.io/name: ibm-vpc-block-csi-driver
     spec:
       priorityClassName: system-cluster-critical
       serviceAccountName: ibm-vpc-block-controller-sa
@@ -207,4 +209,3 @@ spec:
         - name: customer-auth
           secret:
             secretName: storage-secret-store
-  volumeClaimTemplates: []
diff --git a/deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml b/deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml
@@ -4,20 +4,23 @@ metadata:
   name: ibm-vpc-block-csi-node
   namespace: kube-system
   labels:
-    app: ibm-vpc-block-csi-driver
+    app: ibm-vpc-block-csi-node
     addonmanager.kubernetes.io/mode: Reconcile
+    app.kubernetes.io/name: ibm-vpc-block-csi-driver
 spec:
   selector:
     matchLabels:
-      app: ibm-vpc-block-csi-driver
+      app: ibm-vpc-block-csi-node
+      app.kubernetes.io/name: ibm-vpc-block-csi-driver
   template:
     metadata:
       annotations:
         prometheus.io/scrape: "true"
         prometheus.io/port: "9080"
         prometheus.io/path: "/metrics"
       labels:
-        app: ibm-vpc-block-csi-driver
+        app: ibm-vpc-block-csi-node
+        app.kubernetes.io/name: ibm-vpc-block-csi-driver
     spec:
       priorityClassName: system-node-critical
       serviceAccountName: ibm-vpc-block-node-sa