From 92d3239edd6ae0ee65d240dda6b01987df8b1a83 Mon Sep 17 00:00:00 2001 
From: Ole Markus With Date: Fri, 18 Dec 2020 19:06:49 +0100 Subject: [PATCH] AWS CSI driver --- cmd/kops/create_cluster.go | 10 + k8s/crds/kops.k8s.io_clusters.yaml | 10 + pkg/apis/kops/componentconfig.go | 8 + pkg/apis/kops/v1alpha2/componentconfig.go | 8 + .../kops/v1alpha2/zz_generated.conversion.go | 48 ++ .../kops/v1alpha2/zz_generated.deepcopy.go | 26 + pkg/apis/kops/validation/aws.go | 16 + pkg/apis/kops/validation/aws_test.go | 37 ++ pkg/apis/kops/zz_generated.deepcopy.go | 26 + pkg/model/components/kubecontrollermanager.go | 8 - pkg/model/tests/data/bootstrapscript_0.txt | 1 + pkg/model/tests/data/bootstrapscript_1.txt | 1 + pkg/model/tests/data/bootstrapscript_2.txt | 1 + pkg/model/tests/data/bootstrapscript_3.txt | 1 + pkg/model/tests/data/bootstrapscript_4.txt | 1 + pkg/model/tests/data/bootstrapscript_5.txt | 1 + .../complex/expected-v1alpha2.yaml | 3 + .../gce_byo_sa/expected-v1alpha2.yaml | 1 + .../create_cluster/ha/expected-v1alpha2.yaml | 3 + .../ha_encrypt/expected-v1alpha2.yaml | 3 + .../ha_gce/expected-v1alpha2.yaml | 1 + .../ha_shared_zone/expected-v1alpha2.yaml | 3 + .../ha_shared_zones/expected-v1alpha2.yaml | 3 + .../ingwspecified/expected-v1alpha2.yaml | 3 + .../minimal/expected-v1alpha2.yaml | 3 + .../ngwspecified/expected-v1alpha2.yaml | 3 + .../overrides/expected-v1alpha2.yaml | 3 + .../private/expected-v1alpha2.yaml | 3 + .../private_gce/expected-v1alpha2.yaml | 1 + .../expected-v1alpha2.yaml | 3 + .../shared_subnets/expected-v1alpha2.yaml | 3 + .../expected-v1alpha2.yaml | 3 + .../shared_vpc/expected-v1alpha2.yaml | 3 + ...ha-gce-example-com_metadata_startup-script | 1 + ...ha-gce-example-com_metadata_startup-script | 1 + ...ha-gce-example-com_metadata_startup-script | 1 + ...ha-gce-example-com_metadata_startup-script | 1 + ...al-gce-example-com_metadata_startup-script | 1 + ...al-gce-example-com_metadata_startup-script | 1 + upup/models/bindata.go | 613 ++++++++++++++++++ .../k8s-1.17.yaml.template | 591 +++++++++++++++++ 
.../pkg/fi/cloudup/bootstrapchannelbuilder.go | 19 +- .../awscloudcontroller/cluster.yaml | 3 + .../awscloudcontroller/manifest.yaml | 8 + 44 files changed, 1479 insertions(+), 9 deletions(-) create mode 100644 upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index cbfda412db0c6..aa210db5a10dc 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go @@ -384,6 +384,16 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr cluster := clusterResult.Cluster instanceGroups := clusterResult.InstanceGroups + //Temporarily to run the e2e with ebs csi driver + if api.CloudProviderID(cluster.Spec.CloudProvider) == api.CloudProviderAWS { + cluster.Spec.CloudConfig = &api.CloudConfiguration{ + AWSEBSCSIDriver: &api.AWSEBSCSIDriver{ + + Enabled: fi.Bool(true), + }, + } + } + var masters []*api.InstanceGroup var nodes []*api.InstanceGroup for _, ig := range instanceGroups { diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index 166fcc863c77b..6e2e9bbacecdc 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -214,6 +214,14 @@ spec: cloudConfig: description: CloudConfiguration defines the cloud provider configuration properties: + awsEBSCSIDriver: + description: AWSEBSCSIDriver is the config for the AWS EBS CSI + driver + properties: + enabled: + description: Enabled enables the AWS EBS CSI driver + type: boolean + type: object disableSecurityGroupIngress: description: AWS cloud-config options type: boolean @@ -328,6 +336,8 @@ spec: description: VSphereUsername is deprecated and will be removed in a later version type: string + required: + - awsEBSCSIDriver type: object cloudControllerManager: description: CloudControllerManagerConfig is the configuration of 
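Review bot: The block added to RunCreateCluster assigns a brand-new `api.CloudConfiguration` to `cluster.Spec.CloudConfig` for every AWS cluster, so any cloud-config fields that may already be set on `clusterResult.Cluster` are discarded, and the EBS CSI driver is switched on with no way to opt out. If the override has to stay for the e2e run, set only the one field: `if cluster.Spec.CloudConfig == nil { cluster.Spec.CloudConfig = &api.CloudConfiguration{} }` followed by `cluster.Spec.CloudConfig.AWSEBSCSIDriver = &api.AWSEBSCSIDriver{Enabled: fi.Bool(true)}`. The comment calls this temporary, yet the create_cluster fixtures later in the patch already record `enabled: true` as the AWS default, so it should be removed or put behind an explicit option before merge. RunCreateCluster starts and ends outside the hunk.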
diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go index 8d1dc6e643926..f9ae7928d2591 100644 --- a/pkg/apis/kops/componentconfig.go +++ b/pkg/apis/kops/componentconfig.go @@ -785,6 +785,14 @@ type CloudConfiguration struct { SpotinstOrientation *string `json:"spotinstOrientation,omitempty"` // Openstack cloud-config options Openstack *OpenstackConfiguration `json:"openstack,omitempty"` + // AWSEBSCSIDriver is the config for the AWS EBS CSI driver + AWSEBSCSIDriver *AWSEBSCSIDriver `json:"awsEBSCSIDriver"` +} + +// AWSEBSCSIDriver is the config for the AWS EBS CSI driver +type AWSEBSCSIDriver struct { + //Enabled enables the AWS EBS CSI driver + Enabled *bool `json:"enabled,omitempty"` } // NodeTerminationHandlerConfig determines the node termination handler configuration. diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go index 044ade273467c..0939b3e90cfc8 100644 --- a/pkg/apis/kops/v1alpha2/componentconfig.go +++ b/pkg/apis/kops/v1alpha2/componentconfig.go @@ -784,6 +784,14 @@ type CloudConfiguration struct { SpotinstOrientation *string `json:"spotinstOrientation,omitempty"` // Openstack cloud-config options Openstack *OpenstackConfiguration `json:"openstack,omitempty"` + // AWSEBSCSIDriver is the config for the AWS EBS CSI driver + AWSEBSCSIDriver *AWSEBSCSIDriver `json:"awsEBSCSIDriver"` +} + +// AWSEBSCSIDriver is the config for the AWS EBS CSI driver +type AWSEBSCSIDriver struct { + //Enabled enables the AWS EBS CSI driver + Enabled *bool `json:"enabled,omitempty"` } // NodeTerminationHandlerConfig determines the node termination handler configuration. diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 7f0b6b6e977a6..b78225b8321b3 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go 
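Review bot: The new `AWSEBSCSIDriver` field on `CloudConfiguration` is tagged `json:"awsEBSCSIDriver"` without `omitempty`, unlike the `Openstack` field directly above it, and the v1alpha2 hunk repeats the same tag. The effect shows elsewhere in this patch: the CRD gains `required: - awsEBSCSIDriver` under cloudConfig, and the GCE fixtures and bootstrap scripts now serialize `awsEBSCSIDriver: null`. A manifest that has a `cloudConfig` block but no driver entry would presumably be rejected by that schema. The tag should read `json:"awsEBSCSIDriver,omitempty"` in both files, with the CRD and fixtures regenerated; the field comment `//Enabled enables …` also lacks the space after `//`.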
@@ -33,6 +33,16 @@ func init() { // RegisterConversions adds conversion functions to the given scheme. // Public to allow building arbitrary schemes. func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*AWSEBSCSIDriver)(nil), (*kops.AWSEBSCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(a.(*AWSEBSCSIDriver), b.(*kops.AWSEBSCSIDriver), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*kops.AWSEBSCSIDriver)(nil), (*AWSEBSCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(a.(*kops.AWSEBSCSIDriver), b.(*AWSEBSCSIDriver), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*AccessSpec)(nil), (*kops.AccessSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_AccessSpec_To_kops_AccessSpec(a.(*AccessSpec), b.(*kops.AccessSpec), scope) }); err != nil { 
@@ -966,6 +976,26 @@ func RegisterConversions(s *runtime.Scheme) error { return nil } +func autoConvert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(in *AWSEBSCSIDriver, out *kops.AWSEBSCSIDriver, s conversion.Scope) error { + out.Enabled = in.Enabled + return nil +} + +// Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver is an autogenerated conversion function. +func Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(in *AWSEBSCSIDriver, out *kops.AWSEBSCSIDriver, s conversion.Scope) error { + return autoConvert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(in, out, s) +} + +func autoConvert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(in *kops.AWSEBSCSIDriver, out *AWSEBSCSIDriver, s conversion.Scope) error { + out.Enabled = in.Enabled + return nil +} + +// Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver is an autogenerated conversion function. +func Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(in *kops.AWSEBSCSIDriver, out *AWSEBSCSIDriver, s conversion.Scope) error { + return autoConvert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(in, out, s) +} + func autoConvert_v1alpha2_AccessSpec_To_kops_AccessSpec(in *AccessSpec, out *kops.AccessSpec, s conversion.Scope) error { if in.DNS != nil { in, out := &in.DNS, &out.DNS @@ -1707,6 +1737,15 @@ func autoConvert_v1alpha2_CloudConfiguration_To_kops_CloudConfiguration(in *Clou } else { out.Openstack = nil } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(kops.AWSEBSCSIDriver) + if err := Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(*in, *out, s); err != nil { + return err + } + } else { + out.AWSEBSCSIDriver = nil + } return nil } 
@@ -1740,6 +1779,15 @@ func autoConvert_kops_CloudConfiguration_To_v1alpha2_CloudConfiguration(in *kops } else { out.Openstack = nil } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(AWSEBSCSIDriver) + if err := Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(*in, *out, s); err != nil { + return err + } + } else { + out.AWSEBSCSIDriver = nil + } return nil } diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index be142106b7545..b3d643fd8618c 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -26,6 +26,27 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEBSCSIDriver) DeepCopyInto(out *AWSEBSCSIDriver) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEBSCSIDriver. +func (in *AWSEBSCSIDriver) DeepCopy() *AWSEBSCSIDriver { + if in == nil { + return nil + } + out := new(AWSEBSCSIDriver) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessSpec) DeepCopyInto(out *AccessSpec) { *out = *in @@ -519,6 +540,11 @@ func (in *CloudConfiguration) DeepCopyInto(out *CloudConfiguration) { *out = new(OpenstackConfiguration) (*in).DeepCopyInto(*out) } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(AWSEBSCSIDriver) + (*in).DeepCopyInto(*out) + } return } diff --git a/pkg/apis/kops/validation/aws.go b/pkg/apis/kops/validation/aws.go index dd0a30713b2ff..67352409d42bc 100644 --- a/pkg/apis/kops/validation/aws.go 
+++ b/pkg/apis/kops/validation/aws.go @@ -38,9 +38,25 @@ func awsValidateCluster(c *kops.Cluster) field.ErrorList { } } + allErrs = append(allErrs, awsValidateExternalCloudControllerManager(c.Spec)...) + return allErrs } +func awsValidateExternalCloudControllerManager(c kops.ClusterSpec) (allErrs field.ErrorList) { + + if c.ExternalCloudControllerManager != nil { + if c.KubeControllerManager == nil || c.KubeControllerManager.ExternalCloudVolumePlugin != "aws" { + if c.CloudConfig == nil || c.CloudConfig.AWSEBSCSIDriver == nil || !fi.BoolValue(c.CloudConfig.AWSEBSCSIDriver.Enabled) { + allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "externalCloudControllerManager"), + "AWS external CCM cannot be used without enabling spec.cloudConfig.AWSEBSCSIDriver or setting spec.kubeControllerManaager.externalCloudVolumePlugin set to `aws`")) + } + } + } + return allErrs + +} + func awsValidateInstanceGroup(ig *kops.InstanceGroup, cloud awsup.AWSCloud) field.ErrorList { allErrs := field.ErrorList{} diff --git a/pkg/apis/kops/validation/aws_test.go b/pkg/apis/kops/validation/aws_test.go index b0205f5f05183..4b777acbb3276 100644 --- a/pkg/apis/kops/validation/aws_test.go +++ b/pkg/apis/kops/validation/aws_test.go 
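Review bot: awsValidateExternalCloudControllerManager turns what was an informational log into a hard `field.Forbidden`. The klog message this patch removes from kubecontrollermanager.go said a CSI plugin "must be installed by the user", and clusters set up that way will now fail validation unless they also enable the managed driver or set the volume plugin. If that is intended, it needs a release note or an escape hatch for existing clusters. The error text also names fields that do not exist as written: it should refer to `spec.cloudConfig.awsEBSCSIDriver` and `spec.kubeControllerManager.externalCloudVolumePlugin` (currently `kubeControllerManaager`), and "setting … set to" should lose the second "set". The new function has no doc comment; something like `// awsValidateExternalCloudControllerManager requires a volume provisioner (EBS CSI driver or the in-tree aws volume plugin) when the external CCM is enabled.` would help, and awsValidateCluster itself begins outside the hunk.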
@@ -26,6 +26,43 @@ import ( "k8s.io/kops/pkg/apis/kops" ) +func TestAWSValidateExternalCloudConfig(t *testing.T) { + grid := []struct { + Input kops.ClusterSpec + ExpectedErrors []string + }{ + { + Input: kops.ClusterSpec{ + ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{}, + }, + ExpectedErrors: []string{"Forbidden::spec.externalCloudControllerManager"}, + }, + { + Input: kops.ClusterSpec{ + ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{}, + CloudConfig: &kops.CloudConfiguration{ + AWSEBSCSIDriver: &kops.AWSEBSCSIDriver{ + Enabled: fi.Bool(true), + }, + }, + }, + }, + { + Input: kops.ClusterSpec{ + ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{}, + KubeControllerManager: &kops.KubeControllerManagerConfig{ + ExternalCloudVolumePlugin: "aws", + }, + }, + }, + } + for _, g := range grid { + errs := awsValidateExternalCloudControllerManager(g.Input) + + testErrors(t, g.Input, errs, g.ExpectedErrors) + } +} + func TestValidateInstanceGroupSpec(t *testing.T) { grid := []struct { Input kops.InstanceGroupSpec diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index d7e6b0fdccc37..7223ab771272a 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go 
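Review bot: The table in TestAWSValidateExternalCloudConfig has no case for a driver block that is present but disabled, which is what the validator's `!fi.BoolValue(c.CloudConfig.AWSEBSCSIDriver.Enabled)` condition exists to reject. Add an entry with `AWSEBSCSIDriver: &kops.AWSEBSCSIDriver{Enabled: fi.Bool(false)}` expecting `"Forbidden::spec.externalCloudControllerManager"`, and one with `ExternalCloudControllerManager` left nil expecting no errors. The hunk calls `fi.Bool` but adds no import line; presumably the file already imports the fi package above the visible context, which is worth confirming.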
@@ -26,6 +26,27 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEBSCSIDriver) DeepCopyInto(out *AWSEBSCSIDriver) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEBSCSIDriver. +func (in *AWSEBSCSIDriver) DeepCopy() *AWSEBSCSIDriver { + if in == nil { + return nil + } + out := new(AWSEBSCSIDriver) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessSpec) DeepCopyInto(out *AccessSpec) { *out = *in @@ -619,6 +640,11 @@ func (in *CloudConfiguration) DeepCopyInto(out *CloudConfiguration) { *out = new(OpenstackConfiguration) (*in).DeepCopyInto(*out) } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(AWSEBSCSIDriver) + (*in).DeepCopyInto(*out) + } return } diff --git a/pkg/model/components/kubecontrollermanager.go b/pkg/model/components/kubecontrollermanager.go index 80e5c91576948..394e5178e553e 100644 --- a/pkg/model/components/kubecontrollermanager.go +++ b/pkg/model/components/kubecontrollermanager.go 
@@ -98,14 +98,6 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error if clusterSpec.ExternalCloudControllerManager != nil { kcm.CloudProvider = "external" - - // External cloud provider disables KCM volume controllers, so - // most users would want to either install CSI or pass - // --external-cloud-volume-plugin to the KCM, which runs the - // KCM volume controllers. - if kcm.ExternalCloudVolumePlugin == "" { - klog.Infof("An external cloud controller manager is configured, but ExternalCloudVolumePlugin is not configured for the KCM. This means a CSI plugin must be installed by the user or else volume management might not work.") - } } kcm.LogLevel = 2 diff --git a/pkg/model/tests/data/bootstrapscript_0.txt b/pkg/model/tests/data/bootstrapscript_0.txt index 5eafbed7f715e..51c1eed37c480 100644 --- a/pkg/model/tests/data/bootstrapscript_0.txt +++ b/pkg/model/tests/data/bootstrapscript_0.txt @@ -150,6 +150,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null nodeTags: something containerRuntime: docker containerd: diff --git a/pkg/model/tests/data/bootstrapscript_1.txt b/pkg/model/tests/data/bootstrapscript_1.txt index ccf00deb97219..3f6dc07eb5cea 100644 --- a/pkg/model/tests/data/bootstrapscript_1.txt +++ b/pkg/model/tests/data/bootstrapscript_1.txt @@ -150,6 +150,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null nodeTags: something containerRuntime: docker containerd: diff --git a/pkg/model/tests/data/bootstrapscript_2.txt b/pkg/model/tests/data/bootstrapscript_2.txt index ccf00deb97219..3f6dc07eb5cea 100644 --- a/pkg/model/tests/data/bootstrapscript_2.txt +++ b/pkg/model/tests/data/bootstrapscript_2.txt @@ -150,6 +150,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null nodeTags: something containerRuntime: docker containerd: 
diff --git a/pkg/model/tests/data/bootstrapscript_3.txt b/pkg/model/tests/data/bootstrapscript_3.txt index 6ea225ed58970..ebb39c76dc2f4 100644 --- a/pkg/model/tests/data/bootstrapscript_3.txt +++ b/pkg/model/tests/data/bootstrapscript_3.txt @@ -150,6 +150,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null nodeTags: something containerRuntime: docker containerd: diff --git a/pkg/model/tests/data/bootstrapscript_4.txt b/pkg/model/tests/data/bootstrapscript_4.txt index cd6efdc9e9a63..e466797d65756 100644 --- a/pkg/model/tests/data/bootstrapscript_4.txt +++ b/pkg/model/tests/data/bootstrapscript_4.txt @@ -150,6 +150,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null nodeTags: something containerRuntime: docker containerd: diff --git a/pkg/model/tests/data/bootstrapscript_5.txt b/pkg/model/tests/data/bootstrapscript_5.txt index cd6efdc9e9a63..e466797d65756 100644 --- a/pkg/model/tests/data/bootstrapscript_5.txt +++ b/pkg/model/tests/data/bootstrapscript_5.txt @@ -150,6 +150,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null nodeTags: something containerRuntime: docker containerd: diff --git a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml index ff950e09eb38e..f0f2dfa120b83 100644 --- a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/complex.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml b/tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml index 1adae76b4e5b0..3a4d189e45dd4 100644 
--- a/tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml @@ -10,6 +10,7 @@ spec: rbac: {} channel: stable cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: test-account@testproject.iam.gserviceaccount.com cloudProvider: gce configBase: memfs://tests/gce.example.com diff --git a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml index c756423382939..b85850db480a8 100644 --- a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/ha.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml index 66b426ab4cd63..11994dc176682 100644 --- a/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_encrypt/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/ha.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml index b51e666f59562..2f947e004dea1 100644 --- a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml @@ -10,6 +10,7 @@ spec: rbac: {} channel: stable cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default cloudProvider: gce configBase: memfs://tests/ha-gce.example.com 
diff --git a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml index a3031c4084663..f6b83e3716afb 100644 --- a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/ha.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml index 4a7d135fbb7d3..af1e53a1dedc9 100644 --- a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/ha.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml index fb41f873ef235..2cb847cf7810f 100644 --- a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml @@ -11,6 +11,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/private.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/minimal/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal/expected-v1alpha2.yaml index 03583853e846c..bafeb08ed84a0 100644 --- a/tests/integration/create_cluster/minimal/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal/expected-v1alpha2.yaml 
@@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/minimal.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml index 691051039dd1f..0b7d02ffb02ae 100644 --- a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml @@ -11,6 +11,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/private.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml index b6137047a41db..91eaa2e40d2c4 100644 --- a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/overrides.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/private/expected-v1alpha2.yaml b/tests/integration/create_cluster/private/expected-v1alpha2.yaml index 0294c9c1e886b..c92cf7d33597b 100644 --- a/tests/integration/create_cluster/private/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private/expected-v1alpha2.yaml @@ -11,6 +11,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudLabels: Owner: John Doe dn: 'cn=John Doe: dc=example dc=com' diff --git a/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml index e15fa0491c7e1..41595640bf1d6 100644 
--- a/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml @@ -11,6 +11,7 @@ spec: rbac: {} channel: stable cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: test-account@testproject.iam.gserviceaccount.com cloudLabels: Owner: John Doe diff --git a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml index 883f6f8645808..f41d3fc5bbb87 100644 --- a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml @@ -11,6 +11,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/private-subnets.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml index 112757eea0d05..6f4b1acefbd72 100644 --- a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/subnet.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml index 112757eea0d05..6f4b1acefbd72 100644 --- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml 
@@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/subnet.example.com containerRuntime: docker diff --git a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml index be597a2fdc384..4fcb387e79ca3 100644 --- a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml @@ -9,6 +9,9 @@ spec: authorization: rbac: {} channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true cloudProvider: aws configBase: memfs://tests/vpc.example.com containerRuntime: docker diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script index 317b330629448..4959777b3a984 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script @@ -133,6 +133,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default multizone: true nodeTags: ha-gce-example-com-k8s-io-role-node diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script index 4a9755376317a..8cc3a5cf282a0 100644 
--- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script @@ -133,6 +133,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default multizone: true nodeTags: ha-gce-example-com-k8s-io-role-node diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script index 5bb92f4758063..fcd5158f8657f 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script @@ -133,6 +133,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default multizone: true nodeTags: ha-gce-example-com-k8s-io-role-node diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script index 422daf4fe6369..e3642b28a5017 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script 
@@ -133,6 +133,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default multizone: true nodeTags: ha-gce-example-com-k8s-io-role-node diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script index 8dd03a7ce8753..b6e2fcfc1b613 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script @@ -133,6 +133,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default multizone: true nodeTags: minimal-gce-example-com-k8s-io-role-node diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script index e80c83d813298..8f91213ce5822 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script @@ -133,6 +133,7 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: + awsEBSCSIDriver: null gceServiceAccount: default multizone: true nodeTags: minimal-gce-example-com-k8s-io-role-node 
diff --git a/upup/models/bindata.go b/upup/models/bindata.go index ed07a27965fbc..ba1f5e2c384d4 100644 --- a/upup/models/bindata.go +++ b/upup/models/bindata.go @@ -6,6 +6,7 @@ // upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template // upup/models/cloudup/resources/addons/authentication.kope.io/k8s-1.12.yaml // upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template +// upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template // upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template // upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template // upup/models/cloudup/resources/addons/core.addons.k8s.io/addon.yaml 
@@ -755,6 +756,614 @@ func cloudupResourcesAddonsAwsCloudControllerAddonsK8sIoK8s118YamlTemplate() (*a return a, nil } +var _cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate = []byte(`--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", 
"list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. 
+ # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + 
app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + 
app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshot-controller-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-snapshot-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-snapshot-controller-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshotter-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-leaderelection + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml +kind: RoleBinding +apiVersion: 
rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-leaderelection + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-snapshot-controller + namespace: kube-system +roleRef: + kind: Role + name: ebs-snapshot-controller-leaderelection + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/node.yaml +# Node Service +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-node + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + priorityClassName: system-node-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + securityContext: + privileged: true + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 + 
args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: aws-ebs-csi-driver/templates/controller.yaml +# Controller Service +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/master: "" + serviceAccountName: ebs-csi-controller-sa + priorityClassName: system-cluster-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + 
imagePullPolicy: IfNotPresent + args: + - controller + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --k8s-tag-cluster-id={{ ClusterName }} + - --extra-volume-tags=KubernetesCluster={{ ClusterName }} + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + - --enable-leader-election + - --leader-election-type=leases + - --extra-create-metadata=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.1.1 + args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.5.0 + imagePullPolicy: Always + args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + 
value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: aws-ebs-csi-driver/templates/statefulset.yaml +#Snapshot controller +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + serviceName: ebs-snapshot-controller + replicas: 1 + selector: + matchLabels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + serviceAccountName: ebs-snapshot-controller + containers: + - name: snapshot-controller + image: quay.io/k8scsi/snapshot-controller:v2.1.1 + args: + - --v=5 + - --leader-election=false +--- +# Source: aws-ebs-csi-driver/templates/csidriver.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: ebs.csi.aws.com + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + attachRequired: true + podInfoOnMount: false +`) + +func cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplateBytes() ([]byte, error) { + return _cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate, nil +} + +func cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate() (*asset, error) { + bytes, err := cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplateBytes() + 
if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _cloudupResourcesAddonsCertmanagerIoK8s116YamlTemplate = []byte(`# Copyright The Jetstack cert-manager contributors. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -42617,6 +43226,7 @@ var _bindata = map[string]func() (*asset, error){ "cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template": cloudupResourcesAddonsAuthenticationAwsK8s112YamlTemplate, "cloudup/resources/addons/authentication.kope.io/k8s-1.12.yaml": cloudupResourcesAddonsAuthenticationKopeIoK8s112Yaml, "cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template": cloudupResourcesAddonsAwsCloudControllerAddonsK8sIoK8s118YamlTemplate, + "cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template": cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate, "cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template": cloudupResourcesAddonsCertmanagerIoK8s116YamlTemplate, "cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template": cloudupResourcesAddonsClusterAutoscalerAddonsK8sIoK8s115YamlTemplate, "cloudup/resources/addons/core.addons.k8s.io/addon.yaml": cloudupResourcesAddonsCoreAddonsK8sIoAddonYaml, 
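Review bot: `ebs-external-snapshotter-role` in the embedded manifest grants `get` and `list` on `secrets` cluster-wide, and `ebs-csi-snapshotter-binding` binds that role to `ebs-csi-controller-sa`, so the `ebs-csi-controller` pods can read every Secret in every namespace. The resizer role in the same manifest leaves its equivalent rule commented out ("for plugins that require secrets"), and nothing visible here configures snapshotter secrets, so unless a VolumeSnapshotClass is expected to reference one I would drop the rule `- apiGroups: [""]` / `resources: ["secrets"]` / `verbs: ["get", "list"]` from that role. If the rule has to stay, narrowing it to `verbs: ["get"]` at least removes bulk enumeration. bindata.go is generated, so the edit belongs in `k8s-1.17.yaml.template`, which carries the same content later in this patch, with bindata.go regenerated afterwards.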
@@ -42720,6 +43330,9 @@ var _bintree = &bintree{nil, map[string]*bintree{ "aws-cloud-controller.addons.k8s.io": {nil, map[string]*bintree{ "k8s-1.18.yaml.template": {cloudupResourcesAddonsAwsCloudControllerAddonsK8sIoK8s118YamlTemplate, map[string]*bintree{}}, }}, + "aws-ebs-csi-driver.addons.k8s.io": {nil, map[string]*bintree{ + "k8s-1.17.yaml.template": {cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate, map[string]*bintree{}}, + }}, "certmanager.io": {nil, map[string]*bintree{ "k8s-1.16.yaml.template": {cloudupResourcesAddonsCertmanagerIoK8s116YamlTemplate, map[string]*bintree{}}, }}, diff --git a/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template new file mode 100644 index 0000000000000..ce55626582462 --- /dev/null +++ b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template 
@@ -0,0 +1,591 @@ +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + 
resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. 
+ # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + 
app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + 
app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+subjects:
+ - kind: ServiceAccount
+ name: ebs-csi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: ebs-external-resizer-role
+ apiGroup: rbac.authorization.k8s.io
+---
+# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ebs-csi-snapshot-controller-binding
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+subjects:
+ - kind: ServiceAccount
+ name: ebs-snapshot-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: ebs-snapshot-controller-role
+ apiGroup: rbac.authorization.k8s.io
+---
+# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ebs-csi-snapshotter-binding
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+subjects:
+ - kind: ServiceAccount
+ name: ebs-csi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: ebs-external-snapshotter-role
+ apiGroup: rbac.authorization.k8s.io
+---
+# Source: aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ebs-snapshot-controller-leaderelection
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+rules:
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+# Source: aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ebs-snapshot-controller-leaderelection
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+subjects:
+ - kind: ServiceAccount
+ name: ebs-snapshot-controller
+ namespace: kube-system
+roleRef:
+ kind: Role
+ name: ebs-snapshot-controller-leaderelection
+ apiGroup: rbac.authorization.k8s.io
+---
+# Source: aws-ebs-csi-driver/templates/node.yaml
+# Node Service
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: ebs-csi-node
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+spec:
+ selector:
+ matchLabels:
+ app: ebs-csi-node
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ template:
+ metadata:
+ labels:
+ app: ebs-csi-node
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ hostNetwork: true
+ priorityClassName: system-node-critical
+ tolerations:
+ - operator: Exists
+ containers:
+ - name: ebs-plugin
+ securityContext:
+ privileged: true
+ image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0
+ args:
+ - node
+ - --endpoint=$(CSI_ENDPOINT)
+ - --logtostderr
+ - --v=5
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:/csi/csi.sock
+ volumeMounts:
+ - name: kubelet-dir
+ mountPath: /var/lib/kubelet
+ mountPropagation: "Bidirectional"
+ - name: plugin-dir
+ mountPath: /csi
+ - name: device-dir
+ mountPath: /dev
+ ports:
+ - name: healthz
+ containerPort: 9808
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ timeoutSeconds: 3
+ periodSeconds: 10
+ failureThreshold: 5
+ - name: node-driver-registrar
+ image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
+ args:
+ - --csi-address=$(ADDRESS)
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --v=5
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"]
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:v2.1.0
+ args:
+ - --csi-address=/csi/csi.sock
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ volumes:
+ - name: kubelet-dir
+ hostPath:
+ path: /var/lib/kubelet
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/ebs.csi.aws.com/
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: Directory
+ - name: device-dir
+ hostPath:
+ path: /dev
+ type: Directory
+---
+# Source: aws-ebs-csi-driver/templates/controller.yaml
+# Controller Service
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: ebs-csi-controller
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: ebs-csi-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ template:
+ metadata:
+ labels:
+ app: ebs-csi-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ node-role.kubernetes.io/master: ""
+ serviceAccountName: ebs-csi-controller-sa
+ priorityClassName: system-cluster-critical
+ tolerations:
+ - operator: Exists
+ containers:
+ - name: ebs-plugin
+ image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0
+ imagePullPolicy: IfNotPresent
+ args:
+ - controller
+ - --endpoint=$(CSI_ENDPOINT)
+ - --logtostderr
+ - --k8s-tag-cluster-id={{ ClusterName }}
+ - --extra-volume-tags=KubernetesCluster={{ ClusterName }}
+ - --v=5
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-secret
+ key: key_id
+ optional: true
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-secret
+ key: access_key
+ optional: true
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ ports:
+ - name: healthz
+ containerPort: 9808
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ timeoutSeconds: 3
+ periodSeconds: 10
+ failureThreshold: 5
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:v1.6.0
+ args:
+ - --csi-address=$(ADDRESS)
+ - --v=5
+ - --feature-gates=Topology=true
+ - --enable-leader-election
+ - --leader-election-type=leases
+ - --extra-create-metadata=true
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-attacher
+ image: quay.io/k8scsi/csi-attacher:v2.2.0
+ args:
+ - --csi-address=$(ADDRESS)
+ - --v=5
+ - --leader-election=true
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-snapshotter
+ image: quay.io/k8scsi/csi-snapshotter:v2.1.1
+ args:
+ - --csi-address=$(ADDRESS)
+ - --leader-election=true
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-resizer
+ image: quay.io/k8scsi/csi-resizer:v0.5.0
+ imagePullPolicy: Always
+ args:
+ - --csi-address=$(ADDRESS)
+ - --v=5
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:v2.1.0
+ args:
+ - --csi-address=/csi/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+---
+# Source: aws-ebs-csi-driver/templates/statefulset.yaml
+#Snapshot controller
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: ebs-snapshot-controller
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+spec:
+ serviceName: ebs-snapshot-controller
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ebs-snapshot-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ template:
+ metadata:
+ labels:
+ app: ebs-snapshot-controller
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+ spec:
+ serviceAccountName: ebs-snapshot-controller
+ containers:
+ - name: snapshot-controller
+ image: quay.io/k8scsi/snapshot-controller:v2.1.1
+ args:
+ - --v=5
+ - --leader-election=false
+---
+# Source: aws-ebs-csi-driver/templates/csidriver.yaml
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+ name: ebs.csi.aws.com
+ labels:
+ app.kubernetes.io/name: aws-ebs-csi-driver
+ app.kubernetes.io/instance: aws-ebs-csi-driver
+ app.kubernetes.io/version: "0.8.0"
+spec:
+ attachRequired: true
+ podInfoOnMount: false
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 972b75b060650..bd065b2dd6844 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -1016,9 +1016,9 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
 }
 if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS {
- key := "aws-cloud-controller.addons.k8s.io"
 if b.Cluster.Spec.ExternalCloudControllerManager != nil {
+ key := "aws-cloud-controller.addons.k8s.io"
 // Version refers to the addon configuration. The CCM tag is given by
 // the template function AWSCCMTag()
 version := "1.18.0-kops.1"
@@ -1035,6 +1035,23 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
 })
 }
 }
+ if b.Cluster.Spec.CloudConfig != nil && b.Cluster.Spec.CloudConfig.AWSEBSCSIDriver != nil && fi.BoolValue(b.Cluster.Spec.CloudConfig.AWSEBSCSIDriver.Enabled) {
+ key := "aws-ebs-csi-driver.addons.k8s.io"
+
+ version := "0.8.0-kops.1"
+ {
+ id := "k8s-1.17"
+ location := key + "/" + id + ".yaml"
+ addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
+ Name: fi.String(key),
+ Version: fi.String(version),
+ Manifest: fi.String(location),
+ Selector: map[string]string{"k8s-addon": key},
+ KubernetesVersion: ">=1.17.0",
+ Id: id,
+ })
+ }
+ }
 }
 if b.Cluster.Spec.KubeScheduler.UsePolicyConfigMap != nil {
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml
index c91b70d045baa..3605a12f38ced 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml
@@ -10,6 +10,9 @@ spec:
 - 0.0.0.0/0
 channel: stable
 cloudProvider: aws
+ cloudConfig:
+ awsEBSCSIDriver:
+ enabled: true
 configBase: memfs://clusters.example.com/minimal.example.com
 etcdClusters:
 - etcdMembers:
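Review bot: The new `AWSEBSCSIDriver` branch in the second hunk of `bootstrapchannelbuilder.go` has no comment, although it is the gate that decides whether a cluster receives the manifest added earlier in this patch, which runs `ebs-csi-node` as a privileged `hostNetwork` DaemonSet with `/dev` and `/var/lib/kubelet` host mounts. Above the `if` I would add `// Opt-in only: a nil or false Enabled must never install the privileged ebs-csi-node DaemonSet.`, and above `version` a line matching the CCM branch, `// Version refers to the addon configuration; the driver image tag (v0.8.0) is hard-coded in the k8s-1.17 template.`. The three-step nil chain in the condition is long enough to hide a mistake, and presumably validation and template code need the same check, so a small helper on the cluster spec would keep them in agreement. `buildAddons` starts and ends outside the hunk.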
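Review bot: Turning on `awsEBSCSIDriver` inside the existing `awscloudcontroller` fixture means the golden manifest only exercises the CSI addon together with the external cloud controller addon, so a regression that nests the CSI branch under the `ExternalCloudControllerManager` check would still pass. A separate fixture directory that sets only `cloudConfig.awsEBSCSIDriver.enabled: true`, with this one left unchanged, would pin both the opt-in path and the default-off path. The fixture continues outside the hunk, so this assumes the rest of it still configures the external CCM, as the `aws-cloud-controller.addons.k8s.io` entry in the expected manifest suggests.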
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml
index 2a7d02e3ba52e..c0f41f4e9ed1b 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml
@@ -69,3 +69,11 @@ spec:
 selector:
 k8s-addon: aws-cloud-controller.addons.k8s.io
 version: 1.18.0-kops.1
+ - id: k8s-1.17
+ kubernetesVersion: '>=1.17.0'
+ manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml
+ manifestHash: 5b6fb01a19e10929915073334f88eff5e8c50fb8
+ name: aws-ebs-csi-driver.addons.k8s.io
+ selector:
+ k8s-addon: aws-ebs-csi-driver.addons.k8s.io
+ version: 0.8.0-kops.1