diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content index 01c85e1b7ea5b..51b5164c8866a 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: 6c8dbf148ed3b22f5dfecd0d0abf5a520237ef34c383899f7027a4cf90124ccd + manifestHash: 841d9adcf46c3c58b460d6a8eff1ef315288d5700f75007bb3944261c8405e17 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index a35e7e6c88aa6..31bad2ca575f5 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
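Review bot: Three ClusterRoleBindings on the new side still point their `roleRef` at ClusterRoles that this diff deletes. Hunks `@@ -348,23 +354,22 @@` and `@@ -389,23 +394,22 @@` remove `csi-gce-pd-controller-deploy` and `csi-gce-pd-node-deploy`, the two PodSecurityPolicy `use` roles, and no `+` line on this page re-adds either. The bindings `csi-gce-pd-controller`, `csi-gce-pd-controller-deploy` and `csi-gce-pd-node` (the last in `@@ -450,50 +454,22 @@`) are kept. A binding to a missing ClusterRole grants nothing today, but it becomes live as soon as any role with that name is created, and the controller and node service accounts would then inherit whatever that role holds. I would drop the three bindings together with the roles, in the addon template that renders this expected output (the template is not on this page); `csi-gce-pd-controller` also binds the controller service account to the node role, which looks inherited rather than intended. The same hunks repeat in the many-addons-gce fixture further down.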
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=ha-gce-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=ha-gce-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
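Review bot: The node DaemonSet's `gce-pd-driver` container is `privileged: true` on a `hostNetwork: true` pod, and hunk `@@ -793,7 +750,7 @@` moves its image to `v1.10.1` referenced by tag only. A tag can be re-pointed in the registry, and the `manifestHash` in the bootstrap file presumably covers only the manifest text, not the image content. For a privileged container I would pin the digest as well, e.g. `image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1@sha256:<digest-of-v1.10.1>` (placeholder; the digest is not on this page). The same applies to the sidecar images bumped in the Deployment hunks above; if images are resolved or mirrored elsewhere in the pipeline, a comment in the template saying so would be enough. The DaemonSet spec starts and ends outside these hunks.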
diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 6fd856ba05c0e..33c025b3f290e 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -119,7 +119,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: 2f4bcebce4d5105537ed53697d0543a83a66cf2a4828fdc36d62471c67343ca3 + manifestHash: 43460694a38baf16384220585cca377c2f9387e4941a673ed75583747b628901 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index efd60ab3d563d..970107a5c7dd9 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
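Review bot: The bumped driver image in the -793 hunk is still referenced by tag only, and that container runs with `privileged: true` under `hostNetwork: true` on every Linux node. A tag can be re-pointed in the registry, so what the DaemonSet pulls is not fixed by this manifest. I would pin the digest as well, e.g. `image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1@sha256:<digest-from-release>`, and do the same for the sidecar bumps (registrar in -782, and provisioner, attacher, resizer and snapshotter in the Deployment hunks). Since this file is a generated fixture, the change belongs in the addon template, and the same image lines recur in the minimal_gce and minimal_gce_dns-none fixtures.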
diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content index 6cbac4388e692..acf75e85cc9d8 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: fbb6c68f47e0319f669526f9501dd3b32bbcb22f17254c46be8c50e7e2957cd4 + manifestHash: 94a9a11050edb370d194e27475930c1f3f500a1670860beac9ce855b9dd213f6 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index 740e91c9dcac1..f08d4bd9b6a75 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
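Review bot: Three ClusterRoleBindings kept on the new side still name ClusterRoles that this change deletes. The -348 and -389 hunks remove `csi-gce-pd-controller-deploy` and `csi-gce-pd-node-deploy` (the PodSecurityPolicy `use` roles), yet the bindings `csi-gce-pd-controller` and `csi-gce-pd-controller-deploy` here, and `csi-gce-pd-node` in the -450 hunk, keep `roleRef.name` set to those names, and no hunk visible in this diff re-adds either role. A dangling binding grants nothing today, but it takes effect silently if a ClusterRole with that name is ever created, and `csi-gce-pd-controller` additionally ties the controller service account to the node role's name. I would remove the three bindings in the addon template together with the PSP roles and regenerate the fixtures. The same hunks recur in the minimal_gce_dns-none fixture.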
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content index 0fda552dbdf15..70169cca742bd 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: fbb6c68f47e0319f669526f9501dd3b32bbcb22f17254c46be8c50e7e2957cd4 + manifestHash: 94a9a11050edb370d194e27475930c1f3f500a1670860beac9ce855b9dd213f6 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index 740e91c9dcac1..f08d4bd9b6a75 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
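Review bot: Every image on the new side of this hunk and the four after it on this line is referenced by tag only (`gcp-compute-persistent-disk-csi-driver:v1.10.1`, `csi-provisioner:v3.4.0`, `csi-attacher:v4.2.0`, `csi-resizer:v1.7.0`, `csi-snapshotter:v6.1.0`). The `manifestHash` in the bootstrap fixture therefore presumably pins the tag strings, not the image contents. These containers presumably run under `csi-gce-pd-controller-sa`, which the ClusterRoleBindings in this manifest tie to the cluster-wide provisioner, attacher, resizer and snapshotter roles, so I would pin by digest, e.g. `image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0@sha256:<digest>` (placeholder; take the value from the registry). The same applies to the DaemonSet images bumped in the following hunks, where `gce-pd-driver` runs with `privileged: true`, and to the other two fixture copies. The added `env: []` on `gce-pd-driver` is an empty list and could be dropped from the template unless the renderer always emits it.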
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content index 560c98e778d57..0d2bab833f0ed 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: 2e2f609f5f72e7409121d56e5b819a242989811a509b4ae55247a1acb23b43f9 + manifestHash: 12088934fb602e670e63e4f7e1489e87f65d05da281078f5bce139a9d16fa543 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index 388d8441d9b36..51cf1b988023e 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-ilb-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-ilb-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content index a265507afc2de..9b879e49a6bcb 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: 58a0ffcf43005dce350ffe7d4faa1776b2c9ec9bf2654aed3429ed9e780ee7cc + manifestHash: 984f168ba95c31d9b3f9b68d55a11d68df603702363ba7e056084904d72db0b5 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index b47792272dcaa..68c44471f2f31 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content 
+++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-with-a-very-very-very-very-very-long-name-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-with-a-very-very-very-very-very-long-name-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
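Review bot: The `gce-pd-driver` container in the DaemonSet hunk `-793,7 +750,7` runs with `privileged: true` in a `hostNetwork: true` pod, and its image is bumped by tag only, as are the sidecar images in the Deployment hunks just above. A tag can be re-pointed in the registry, so for a privileged node-level pod I would pin the digest next to the tag in the addon template, e.g. `image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1@sha256:<digest-placeholder>`, and regenerate the fixtures. The pod spec continues outside these hunks, so any admission policy that already enforces digests is not visible from here. The matching hunks in the minimal_gce_longclustername and minimal_gce_plb fixtures carry the same tag-only references.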
diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content index a265507afc2de..9b879e49a6bcb 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: 58a0ffcf43005dce350ffe7d4faa1776b2c9ec9bf2654aed3429ed9e780ee7cc + manifestHash: 984f168ba95c31d9b3f9b68d55a11d68df603702363ba7e056084904d72db0b5 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index b47792272dcaa..68c44471f2f31 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content 
@@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-with-a-very-very-very-very-very-long-name-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-with-a-very-very-very-very-very-long-name-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content index fde23ea4e8897..6cd1d9d73cf48 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: b1e096ecc2344c82672fc4eb81df378b5894b9a2b352e000d6bcf0d2d86fa6c8 + manifestHash: 86facd78ba966b12172d01da4c42fb5ef5d2dd7529228d0697fb3bca007a227b name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index 864fbd1a1784f..ba9e6d4213cb0 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-plb-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-plb-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
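Review bot: Every image bumped in these hunks is still referenced by tag only, for example `image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0`, and the containers run in a pod with `hostNetwork: true`. A tag can be re-pointed in the registry, so the `manifestHash` recorded in the bootstrap channel covers the manifest text but not the image content. Unless kops' asset handling already resolves these to digests, consider pinning in the template, e.g. `image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0@sha256:<digest-placeholder>`, for the five sidecars and the driver. The node DaemonSet hunks that follow carry the same tags and include a `privileged: true` container, as do the matching hunks of the minimal-gce-private fixture.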
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content index 025a9b56be37a..386262359cad4 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml - manifestHash: ede87d938b679e6b2c69ce67d1f37fab564ea782bbf9df23b8f9ddac71817821 + manifestHash: e275d32a8f9ac95a191bf52060982203a24d7d37851088f47f121aa232f41bd7 name: gcp-pd-csi-driver.addons.k8s.io selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content index 53fe63f030a41..5b0134212e913 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-gcp-pd-csi-driver.addons.k8s.io-k8s-1.23_content @@ -38,7 +38,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- 
@@ -51,11 +51,92 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: csi-gce-pd-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -144,26 +225,6 @@ rules: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-provisioner-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -172,7 +233,7 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-attacher-role + name: csi-gce-pd-resizer-role rules: - apiGroups: - "" 
@@ -187,87 +248,36 @@ rules: - apiGroups: - "" resources: - - nodes + - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - - storage.k8s.io + - "" resources: - - csinodes + - persistentvolumeclaims/status verbs: - - get - - list - - watch + - update + - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - storage.k8s.io + - "" resources: - - volumeattachments/status + - pods verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-attacher-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver controller - deployment only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller -value: 900000000 - ---- - -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for the GCE PD CSI driver node deployment - only. -globalDefault: false -kind: PriorityClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node -value: 900001000 + - get + - list + - watch --- 
@@ -279,67 +289,63 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-role + name: csi-gce-pd-snapshotter-role rules: - apiGroups: - "" resources: - - persistentvolumes + - events verbs: - - get - list - watch + - create - update - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - persistentvolumeclaims + - volumesnapshotclasses verbs: - get - list - watch - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - events + - volumesnapshotcontents verbs: + - create + - get - list - watch - - create - update + - delete - patch - apiGroups: - - "" + - snapshot.storage.k8s.io resources: - - pods + - volumesnapshotcontents/status verbs: - - get - - list - - watch + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-resizer-binding + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-resizer-role + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa 
@@ -348,23 +354,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-controller-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- @@ -376,11 +381,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -389,23 +394,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node-deploy -rules: -- apiGroups: - - policy - resourceNames: - - csi-gce-pd-node-psp - resources: - - podsecuritypolicies - verbs: - - use + name: csi-gce-pd-controller-deploy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-controller-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- 
@@ -417,14 +421,14 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-node + name: csi-gce-pd-controller-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-provisioner-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver --- @@ -437,11 +441,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller + name: csi-gce-pd-controller-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-snapshotter-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -450,50 +454,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa + namespace: gce-pd-csi-driver --- 
@@ -505,11 +481,11 @@ metadata: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: csi-gce-pd-controller-snapshotter-binding + name: csi-gce-pd-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-snapshotter-role + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa @@ -517,50 +493,35 @@ subjects: --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-leaderelection-role - namespace: gce-pd-csi-driver -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create + name: csi-gce-pd-controller +value: 900000000 --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: gcp-pd-csi-driver.addons.k8s.io - k8s-app: gcp-compute-persistent-disk-csi-driver - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-gce-pd-leaderelection-role -subjects: -- kind: ServiceAccount - name: csi-gce-pd-controller-sa + name: csi-gce-pd-node +value: 900001000 --- 
@@ -605,6 +566,16 @@ spec: values: - linux containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name=minimal-gce-private-example-com + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir - args: - --v=5 - --csi-address=/csi/csi.sock @@ -615,12 +586,13 @@ spec: - --extra-create-metadata - --leader-election - --default-fstype=ext4 + - --controller-publish-readonly=true env: - name: PDCSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 livenessProbe: failureThreshold: 1 httpGet: @@ -649,7 +621,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 livenessProbe: failureThreshold: 1 httpGet: @@ -678,7 +650,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 livenessProbe: failureThreshold: 1 httpGet: @@ -707,20 +679,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 name: csi-snapshotter volumeMounts: - mountPath: /csi name: socket-dir - - args: - - --v=5 - - --endpoint=unix:/csi/csi.sock - - --extra-labels=k8s-io-cluster-name=minimal-gce-private-example-com - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - name: gce-pd-driver - volumeMounts: - - mountPath: /csi - name: socket-dir hostNetwork: true nodeSelector: null priorityClassName: csi-gce-pd-controller 
@@ -736,21 +699,6 @@ spec: --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: gcp-pd-csi-driver.addons.k8s.io - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -772,6 +720,15 @@ spec: app: gcp-compute-persistent-disk-csi-driver kops.k8s.io/managed-by: kops spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: - --v=5 @@ -782,7 +739,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-driver-registrar volumeMounts: - mountPath: /csi @@ -793,7 +750,7 @@ spec: - --v=5 - --endpoint=unix:/csi/csi.sock - --run-controller-service=false - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 name: gce-pd-driver securityContext: privileged: true @@ -814,8 +771,7 @@ spec: - mountPath: /sys name: sys hostNetwork: true - nodeSelector: - kubernetes.io/os: linux + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa tolerations: @@ -853,3 +809,18 @@ spec: path: /sys type: Directory name: sys + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: gcp-pd-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: gcp-pd-csi-driver.addons.k8s.io + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/upup/models/cloudup/resources/addons/gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml.template b/upup/models/cloudup/resources/addons/gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml.template index 531782f9496ff..1eba24b44f194 100644 --- a/upup/models/cloudup/resources/addons/gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml.template +++ b/upup/models/cloudup/resources/addons/gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml.template @@ -1,4 +1,4 @@ -# https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/tree/v1.3.4/deploy/kubernetes +# https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/tree/master/deploy/kubernetes/overlays/noauth {{ if WithDefaultBool .CloudConfig.ManageStorageClasses true }} apiVersion: storage.k8s.io/v1 
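Review bot: The provenance comment on the first line now points at `tree/master/deploy/kubernetes/overlays/noauth`, a moving ref, where the old comment named the `v1.3.4` tag. Once upstream changes the overlay, nobody can tell which revision this RBAC and these workload specs were copied from, which makes later permission diffs against upstream unreliable. I would keep the reference pinned to the release the images use, e.g. `# https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/tree/v1.10.1/deploy/kubernetes/overlays/noauth` (assuming the overlay exists at that tag; otherwise use `tree/<commit-sha-placeholder>/…`).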
@@ -24,308 +24,390 @@ kind: Namespace metadata: name: gce-pd-csi-driver - --- -##### Node Service Account, Roles, RoleBindings apiVersion: v1 kind: ServiceAccount metadata: + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver - name: csi-gce-pd-node-sa - --- -##### Controller Service Account, Roles, Rolebindings apiVersion: v1 kind: ServiceAccount metadata: + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver - name: csi-gce-pd-controller-sa - --- -# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: csi-gce-pd-provisioner-role + labels: + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-leaderelection-role + namespace: gce-pd-csi-driver rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] - # Access to volumeattachments is only needed when the CSI driver - # has the PUBLISH_UNPUBLISH_VOLUME controller capability. - # In that case, external-provisioner will watch volumeattachments - # to determine when it is safe to delete a volume. 
- - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch"] +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create --- - -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver -roleRef: - kind: ClusterRole - name: csi-gce-pd-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- -# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-gce-pd-attacher-role rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch --- - -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-gce-pd-controller-attacher-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - 
namespace: gce-pd-csi-driver -roleRef: - kind: ClusterRole - name: csi-gce-pd-attacher-role - apiGroup: rbac.authorization.k8s.io - ---- - -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: csi-gce-pd-controller -value: 900000000 -globalDefault: false -description: "This priority class should be used for the GCE PD CSI driver controller deployment only." - ---- - -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: csi-gce-pd-node -value: 900001000 -globalDefault: false -description: "This priority class should be used for the GCE PD CSI driver node deployment only." - ---- - -# Resizer must be able to work with PVCs, PVs, SCs. kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-gce-pd-resizer-role + name: csi-gce-pd-provisioner-role rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - # If handle-volume-inuse-error=true, the pod specific rbac is needed - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - 
snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: csi-gce-pd-resizer-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver -roleRef: - kind: ClusterRole name: csi-gce-pd-resizer-role - apiGroup: rbac.authorization.k8s.io +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: csi-gce-pd-controller-deploy + name: csi-gce-pd-snapshotter-role rules: - - apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - csi-gce-pd-controller-psp +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: 
ClusterRoleBinding +kind: RoleBinding metadata: - name: csi-gce-pd-controller-deploy + labels: + k8s-app: gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-controller-leaderelection-binding + namespace: gce-pd-csi-driver roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-gce-pd-controller-deploy + kind: Role + name: csi-gce-pd-leaderelection-role subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver - +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- - -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: + name: csi-gce-pd-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole name: csi-gce-pd-node-deploy -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - csi-gce-pd-node-psp +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: csi-gce-pd-node + name: csi-gce-pd-controller-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-attacher-role subjects: - kind: ServiceAccount - name: csi-gce-pd-node-sa + name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: csi-gce-pd-controller + name: csi-gce-pd-controller-deploy roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: csi-gce-pd-node-deploy + name: csi-gce-pd-controller-deploy subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa namespace: gce-pd-csi-driver - --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: ClusterRoleBinding metadata: - name: csi-gce-pd-snapshotter-role -rules: - - apiGroups: [""] - resources: ["events"] - 
verbs: ["list", "watch", "create", "update", "patch"] - # Secrets resource omitted since GCE PD snapshots does not require them - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] + name: csi-gce-pd-controller-provisioner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-provisioner-role +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- - -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: csi-gce-pd-controller-snapshotter-binding -subjects: - - kind: ServiceAccount - name: csi-gce-pd-controller-sa - namespace: gce-pd-csi-driver roleRef: + apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: csi-gce-pd-snapshotter-role - apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: csi-gce-pd-controller-sa + namespace: gce-pd-csi-driver --- - -kind: Role apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: csi-gce-pd-leaderelection-role + name: csi-gce-pd-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-node-deploy +subjects: +- kind: ServiceAccount + name: csi-gce-pd-node-sa namespace: gce-pd-csi-driver - labels: - k8s-app: gcp-compute-persistent-disk-csi-driver -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - --- - -kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: csi-gce-pd-controller-leaderelection-binding - namespace: gce-pd-csi-driver - labels: - k8s-app: 
gcp-compute-persistent-disk-csi-driver + name: csi-gce-pd-resizer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-gce-pd-resizer-role subjects: - kind: ServiceAccount name: csi-gce-pd-controller-sa -roleRef: - kind: Role - name: csi-gce-pd-leaderelection-role - apiGroup: rbac.authorization.k8s.io - + namespace: gce-pd-csi-driver +--- +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver controller + deployment only. +globalDefault: false +kind: PriorityClass +metadata: + name: csi-gce-pd-controller +value: 900000000 +--- +apiVersion: scheduling.k8s.io/v1 +description: This priority class should be used for the GCE PD CSI driver node deployment + only. +globalDefault: false +kind: PriorityClass +metadata: + name: csi-gce-pd-node +value: 900001000 --- - -kind: Deployment apiVersion: apps/v1 +kind: Deployment metadata: - namespace: gce-pd-csi-driver name: csi-gce-pd-controller + namespace: gce-pd-csi-driver spec: replicas: 1 selector: 
@@ -354,160 +436,143 @@ spec: operator: In values: - linux - # Host network must be used for interaction with Workload Identity in GKE - # since it replaces GCE Metadata Server with GKE Metadata Server. Remove - # this requirement when issue is resolved and before any exposure of - # metrics ports + containers: + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --extra-labels=k8s-io-cluster-name={{ replace ClusterName "." "-" }} + env: [] + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --http-endpoint=:22011 + - --leader-election-namespace=$(PDCSI_NAMESPACE) + - --timeout=250s + - --extra-create-metadata + - --leader-election + - --default-fstype=ext4 + - --controller-publish-readonly=true + env: + - name: PDCSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /healthz/leader-election + port: http-endpoint + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: csi-provisioner + ports: + - containerPort: 22011 + name: http-endpoint + protocol: TCP + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --http-endpoint=:22012 + - --leader-election + - --leader-election-namespace=$(PDCSI_NAMESPACE) + - --timeout=250s + env: + - name: PDCSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /healthz/leader-election + port: http-endpoint + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: csi-attacher + ports: + - containerPort: 22012 + name: http-endpoint + protocol: TCP + volumeMounts: + - 
mountPath: /csi + name: socket-dir + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --http-endpoint=:22013 + - --leader-election + - --leader-election-namespace=$(PDCSI_NAMESPACE) + - --handle-volume-inuse-error=false + env: + - name: PDCSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + livenessProbe: + failureThreshold: 1 + httpGet: + path: /healthz/leader-election + port: http-endpoint + initialDelaySeconds: 10 + periodSeconds: 20 + timeoutSeconds: 10 + name: csi-resizer + ports: + - containerPort: 22013 + name: http-endpoint + protocol: TCP + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --metrics-address=:22014 + - --leader-election + - --leader-election-namespace=$(PDCSI_NAMESPACE) + - --timeout=300s + env: + - name: PDCSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0 + name: csi-snapshotter + volumeMounts: + - mountPath: /csi + name: socket-dir hostNetwork: true - # run controller in masters because nodes does not have enough permissions to provision / manage volumes + nodeSelector: null + priorityClassName: csi-gce-pd-controller + serviceAccountName: csi-gce-pd-controller-sa tolerations: - effect: NoSchedule operator: Exists - key: CriticalAddonsOnly operator: Exists - nodeSelector: null - serviceAccountName: csi-gce-pd-controller-sa - priorityClassName: csi-gce-pd-controller - containers: - - name: csi-provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.0 - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--feature-gates=Topology=true" - - "--http-endpoint=:22011" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--timeout=250s" - - "--extra-create-metadata" - # - "--run-controller-service=false" # disable the controller service of the CSI driver - # - "--run-node-service=false" # disable the node 
service of the CSI driver - - "--leader-election" - - "--default-fstype=ext4" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 22011 - name: http-endpoint - protocol: TCP - livenessProbe: - failureThreshold: 1 - httpGet: - path: /healthz/leader-election - port: http-endpoint - initialDelaySeconds: 10 - timeoutSeconds: 10 - periodSeconds: 20 - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-attacher - image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--http-endpoint=:22012" - - "--leader-election" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--timeout=250s" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 22012 - name: http-endpoint - protocol: TCP - livenessProbe: - failureThreshold: 1 - httpGet: - path: /healthz/leader-election - port: http-endpoint - initialDelaySeconds: 10 - timeoutSeconds: 10 - periodSeconds: 20 - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--http-endpoint=:22013" - - "--leader-election" - - "--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--handle-volume-inuse-error=false" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 22013 - name: http-endpoint - protocol: TCP - livenessProbe: - failureThreshold: 1 - httpGet: - path: /healthz/leader-election - port: http-endpoint - initialDelaySeconds: 10 - timeoutSeconds: 10 - periodSeconds: 20 - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--metrics-address=:22014" - - "--leader-election" - - 
"--leader-election-namespace=$(PDCSI_NAMESPACE)" - - "--timeout=300s" - env: - - name: PDCSI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: gce-pd-driver - # Don't change base image without changing pdImagePlaceholder in - # test/k8s-integration/main.go - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - args: - - "--v=5" - - "--endpoint=unix:/csi/csi.sock" - - "--extra-labels=k8s-io-cluster-name={{ replace ClusterName "." "-" }}" - volumeMounts: - - name: socket-dir - mountPath: /csi volumes: - - name: socket-dir - emptyDir: {} - + - emptyDir: {} + name: socket-dir --- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: pd.csi.storage.gke.io -spec: - attachRequired: true - podInfoOnMount: false - ---- -kind: DaemonSet apiVersion: apps/v1 +kind: DaemonSet metadata: - namespace: gce-pd-csi-driver name: csi-gce-pd-node + namespace: gce-pd-csi-driver spec: selector: matchLabels: 
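Review bot: The sidecars in this Deployment listen on wildcard addresses (`--http-endpoint=:22011`, `:22012`, `:22013` and `--metrics-address=:22014`) while `hostNetwork: true` is kept, so these endpoints are reachable on the host's own interfaces. The new side also drops the comment that tied host networking to the GKE metadata server and asked for it to be removed before any metrics port is exposed. This file looks like rendered expected output, so the comment was probably lost in serialization; I would keep it in the source template next to `hostNetwork`, for example `# hostNetwork exposes 22011-22014 on the node; keep these ports closed in the cluster firewall rules`. Binding the sidecars to loopback is not a drop-in change, because the `livenessProbe` `httpGet` blocks would then need `host: 127.0.0.1`. The pod spec starts above this hunk.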
@@ -517,97 +582,100 @@ spec: labels: app: gcp-compute-persistent-disk-csi-driver spec: - # Host network must be used for interaction with Workload Identity in GKE - # since it replaces GCE Metadata Server with GKE Metadata Server. Remove - # this requirement when issue is resolved and before any exposure of - # metrics ports. + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/pd.csi.storage.gke.io/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + name: csi-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --v=5 + - --endpoint=unix:/csi/csi.sock + - --run-controller-service=false + image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.10.1 + name: gce-pd-driver + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /csi + name: plugin-dir + - mountPath: /dev + name: device-dir + - mountPath: /etc/udev + name: udev-rules-etc + - mountPath: /lib/udev + name: udev-rules-lib + - mountPath: /run/udev + name: udev-socket + - mountPath: /sys + name: sys hostNetwork: true + nodeSelector: null priorityClassName: csi-gce-pd-node serviceAccountName: csi-gce-pd-node-sa - nodeSelector: - kubernetes.io/os: linux - containers: - - name: csi-driver-registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 - args: - - "--v=5" - - "--csi-address=/csi/csi.sock" - - "--kubelet-registration-path=/var/lib/kubelet/plugins/pd.csi.storage.gke.io/csi.sock" - env: - - name: KUBE_NODE_NAME - 
valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: gce-pd-driver - # Don't change base image without changing pdImagePlaceholder in - # test/k8s-integration/main.go - image: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.3.4 - args: - - "--v=5" - - "--endpoint=unix:/csi/csi.sock" - - "--run-controller-service=false" - securityContext: - privileged: true - volumeMounts: - - name: kubelet-dir - mountPath: /var/lib/kubelet - mountPropagation: "Bidirectional" - - name: plugin-dir - mountPath: /csi - - name: device-dir - mountPath: /dev - # The following mounts are required to trigger host udevadm from - # container - - name: udev-rules-etc - mountPath: /etc/udev - - name: udev-rules-lib - mountPath: /lib/udev - - name: udev-socket - mountPath: /run/udev - - name: sys - mountPath: /sys - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - - name: kubelet-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/pd.csi.storage.gke.io/ - type: DirectoryOrCreate - - name: device-dir - hostPath: - path: /dev - type: Directory - # The following mounts are required to trigger host udevadm from - # container - - name: udev-rules-etc - hostPath: - path: /etc/udev - type: Directory - - name: udev-rules-lib - hostPath: - path: /lib/udev - type: Directory - - name: udev-socket - hostPath: - path: /run/udev - type: Directory - - name: sys - hostPath: - path: /sys - type: Directory - # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - # See "special case". This will tolerate everything. Node component should - # be scheduled on all nodes. 
tolerations: - operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/pd.csi.storage.gke.io/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /dev + type: Directory + name: device-dir + - hostPath: + path: /etc/udev + type: Directory + name: udev-rules-etc + - hostPath: + path: /lib/udev + type: Directory + name: udev-rules-lib + - hostPath: + path: /run/udev + type: Directory + name: udev-socket + - hostPath: + path: /sys + type: Directory + name: sys +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: pd.csi.storage.gke.io +spec: + attachRequired: true + podInfoOnMount: false
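Review bot: The `gce-pd-driver` container keeps `privileged: true` together with hostPath mounts of `/dev`, `/sys`, `/etc/udev`, `/lib/udev` and `/run/udev`, and the new side drops the comments saying the udev mounts exist only to trigger host udevadm, so nothing records why this much host access is granted. If the driver only reads the rule directories, which the hunk does not show, the `/etc/udev` and `/lib/udev` entries under `volumeMounts` could carry `readOnly: true`. In a privileged container that guards against accidental writes rather than forming a boundary. The rationale comment `# The following mounts are required to trigger host udevadm from container` belongs in the source template if this file is rendered output. The DaemonSet pod spec begins above this hunk.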