From 1263cc1f8bc816393aacf56c4720ff5a4f64b2a0 Mon Sep 17 00:00:00 2001 From: Toni Tauro Date: Wed, 22 Jun 2022 08:58:11 +0200 Subject: [PATCH 01/46] feat(chart): Create initial Chart for csi-cloudscale Signed-off-by: Toni Tauro --- charts/csi-cloudscale/Chart.yaml | 8 ++ charts/csi-cloudscale/templates/crds.yaml | 40 ++++++ .../csi-cloudscale/templates/csi_driver.yaml | 8 ++ .../csi-cloudscale/templates/daemonset.yaml | 101 +++++++++++++ charts/csi-cloudscale/templates/rbac.yaml | 133 ++++++++++++++++++ charts/csi-cloudscale/templates/secrets.yaml | 10 ++ .../templates/serviceaccount.yaml | 12 ++ .../csi-cloudscale/templates/statefulset.yaml | 87 ++++++++++++ .../templates/storageclass.yaml | 24 ++++ charts/csi-cloudscale/values.yaml | 66 +++++++++ 10 files changed, 489 insertions(+) create mode 100644 charts/csi-cloudscale/Chart.yaml create mode 100644 charts/csi-cloudscale/templates/crds.yaml create mode 100644 charts/csi-cloudscale/templates/csi_driver.yaml create mode 100644 charts/csi-cloudscale/templates/daemonset.yaml create mode 100644 charts/csi-cloudscale/templates/rbac.yaml create mode 100644 charts/csi-cloudscale/templates/secrets.yaml create mode 100644 charts/csi-cloudscale/templates/serviceaccount.yaml create mode 100644 charts/csi-cloudscale/templates/statefulset.yaml create mode 100644 charts/csi-cloudscale/templates/storageclass.yaml create mode 100644 charts/csi-cloudscale/values.yaml diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml new file mode 100644 index 00000000..8c6f68db --- /dev/null +++ b/charts/csi-cloudscale/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +name: cloudscale-csi +description: A Container Storage Interface Driver for cloudscale.ch volumes. +type: application +version: 0.1.0 +appVersion: 3.2.0 +sources: + - https://github.com/cloudscale-ch/csi-cloudscale.git diff --git a/charts/csi-cloudscale/templates/crds.yaml b/charts/csi-cloudscale/templates/crds.yaml new file mode 100644 index 00000000..a8acb2f0 --- /dev/null +++ b/charts/csi-cloudscale/templates/crds.yaml @@ -0,0 +1,40 @@ +{{- if .Values.installCRDs }} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csinodeinfos.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSINodeInfo + plural: csinodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + csiDrivers: + description: List of CSI drivers running on the node and their properties. + items: + properties: + driver: + description: The CSI driver that this object refers to. + type: string + nodeID: + description: The node from the driver point of view. + type: string + topologyKeys: + description: List of keys supported by the driver. + items: + type: string + type: array + type: array + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/csi-cloudscale/templates/csi_driver.yaml b/charts/csi-cloudscale/templates/csi_driver.yaml new file mode 100644 index 00000000..548192cd --- /dev/null +++ b/charts/csi-cloudscale/templates/csi_driver.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.cloudscale.ch +spec: + attachRequired: true + podInfoOnMount: true diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml new file mode 100644 index 00000000..a5470858 --- /dev/null +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -0,0 +1,101 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-node +spec: + selector: + matchLabels: + app: csi-cloudscale-node + template: + metadata: + labels: + app: csi-cloudscale-node + role: csi-cloudscale + spec: + priorityClassName: system-node-critical + serviceAccount: {{ .Release.Name }}-csi-cloudscale-node-sa + hostNetwork: true + containers: + - name: driver-registrar + image: {{ .Values.driverRegistrar.image.repository }}:{{ .Values.driverRegistrar.image.tag }} + imagePullPolicy: {{ .Values.driverRegistrar.image.pullPolicy }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/csi.cloudscale.ch /registration/csi.cloudscale.ch-reg.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.cloudscale.ch/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-cloudscale-plugin + image: {{ .Values.plugin.image.repository }}:{{ .Values.plugin.image.tag }} + imagePullPolicy: {{ .Values.plugin.image.pullPolicy }} + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--url=$(CLOUDSCALE_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: CLOUDSCALE_API_URL + value: {{ .Values.cloudscale.apiUrl }} + - name: CLOUDSCALE_ACCESS_TOKEN + valueFrom: + secretKeyRef: + {{- if .Values.cloudscale.token.existingSecret }} + name: {{.Values.cloudscale.token.existingSecret }} + {{- else }} + name: {{ .Release.Name }}-cloudscale-token + key: token + {{- end }} + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: tmpfs + mountPath: /tmp + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.cloudscale.ch + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + # to make sure temporary stored luks keys never touch a disk + - name: tmpfs + emptyDir: + medium: Memory diff --git a/charts/csi-cloudscale/templates/rbac.yaml b/charts/csi-cloudscale/templates/rbac.yaml new file mode 100644 index 00000000..da99081f --- /dev/null +++ b/charts/csi-cloudscale/templates/rbac.yaml @@ -0,0 +1,133 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "csinodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "nodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-resizer-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-driver-registrar-role +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-provisioner-binding +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-csi-cloudscale-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-csi-cloudscale-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-resizer-binding +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-csi-cloudscale-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-csi-cloudscale-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-attacher-binding +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-csi-cloudscale-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-csi-cloudscale-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-driver-registrar-binding +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-csi-cloudscale-node-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-csi-cloudscale-driver-registrar-role + apiGroup: rbac.authorization.k8s.io diff --git a/charts/csi-cloudscale/templates/secrets.yaml b/charts/csi-cloudscale/templates/secrets.yaml new file mode 100644 index 00000000..a5f92812 --- /dev/null +++ b/charts/csi-cloudscale/templates/secrets.yaml @@ -0,0 +1,10 @@ +{{- if not .Values.cloudscale.token.existingSecret }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-cloudscale-token +type: Opaque +data: + token: {{ required "cloudscale.token.value is required" .Values.cloudscale.token.value | b64enc | quote }} +{{- end }} diff --git a/charts/csi-cloudscale/templates/serviceaccount.yaml b/charts/csi-cloudscale/templates/serviceaccount.yaml new file mode 100644 index 00000000..a2b304b1 --- /dev/null +++ b/charts/csi-cloudscale/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-csi-cloudscale-controller-sa + namespace: {{ .Release.namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-csi-cloudscale-node-sa + namespace: {{ .Release.namespace }} diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml new file mode 100644 index 00000000..e5254cc1 --- /dev/null +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -0,0 +1,87 @@ +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-csi-cloudscale-controller + namespace: {{ .Release.namespace }} +spec: + serviceName: "csi-cloudscale" + selector: + matchLabels: + app: csi-cloudscale-controller + replicas: {{ .Values.controller.replicas }} + template: + metadata: + labels: + app: csi-cloudscale-controller + role: csi-cloudscale + spec: + hostNetwork: true + priorityClassName: system-cluster-critical + serviceAccount: {{ .Release.Name }}-csi-cloudscale-controller-sa + containers: + - name: csi-provisioner + image: {{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }} + imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }} + args: + - "--csi-address=$(ADDRESS)" + - "--default-fstype=ext4" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: {{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }} + imagePullPolicy: {{ .Values.attacher.image.pullPolicy }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: {{ .Values.resizer.image.repository }}:{{ .Values.resizer.image.tag }} + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=30s" + - "--v=5" + - "--handle-volume-inuse-error=false" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.resizer.image.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-cloudscale-plugin + image: {{ .Values.plugin.image.repository }}:{{ .Values.plugin.image.tag }} + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--url=$(CLOUDSCALE_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: CLOUDSCALE_API_URL + value: https://api.cloudscale.ch/ + - name: CLOUDSCALE_ACCESS_TOKEN + valueFrom: + secretKeyRef: + {{- if .Values.cloudscale.token.existingSecret }} + name: {{.Values.cloudscale.token.existingSecret }} + {{- else }} + name: {{ .Release.Name }}-cloudscale-token + key: token + {{- end }} + imagePullPolicy: {{ .Values.plugin.image.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/charts/csi-cloudscale/templates/storageclass.yaml b/charts/csi-cloudscale/templates/storageclass.yaml new file mode 100644 index 00000000..aaa044d2 --- /dev/null +++ b/charts/csi-cloudscale/templates/storageclass.yaml @@ -0,0 +1,24 @@ +{{- $csi := .Values.csi }} +{{- $provisioner := .Values.provisioner }} +{{- range $storageClass := .Values.csi.storageClasses }} +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ $storageClass.name }} +{{- if $storageClass.default }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} +provisioner: {{ $storageClass.provisioner | default $provisioner.name }} +allowVolumeExpansion: {{ $storageClass.allowVolumeExpansion | default $csi.allowVolumeExpansion }} +parameters: + csi.cloudscale.ch/volume-type: {{ $storageClass.volumeType }} +{{- if $storageClass.luks.enabled }} + csi.cloudscale.ch/luks-encrypted: "true" + csi.cloudscale.ch/luks-cipher: {{ quote $storageClass.luks.cipher }} + csi.cloudscale.ch/luks-key-size: {{ quote $storageClass.luks.keySize }} + csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace} + csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key +{{- end }} +{{- end }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml new file mode 100644 index 00000000..deb047b3 --- /dev/null +++ b/charts/csi-cloudscale/values.yaml @@ -0,0 +1,66 @@ +cloudscale: + apiUrl: https://api.cloudscale.ch/ + token: + value: "secret" + # existingSecret: + +installCRDs: false + +csi: + allowVolumeExpansion: true + storageClasses: + - name: cloudscale-volume-ssd + volumeType: ssd + default: true + luks: + enabled: false + - name: cloudscale-volume-ssd-luks + volumeType: ssd + luks: + enabled: true + cipher: aes-xts-plain64 + keySize: 512 + - name: cloudscale-volume-bulk + volumeType: bulk + luks: + enabled: false + - name: cloudscale-volume-bulk-luks + volumeType: bulk + luks: + enabled: true + cipher: aes-xts-plain64 + keySize: 512 + +controller: + replicas: 1 + +provisioner: + name: csi.cloudscale.ch + image: + repository: quay.io/k8scsi/csi-provisioner + tag: v2.0.4 + pullPolicy: IfNotPresent + +attacher: + image: + repository: quay.io/k8scsi/csi-attacher + tag: v3.0.2 + pullPolicy: IfNotPresent + +resizer: + image: + repository: quay.io/k8scsi/csi-resizer + tag: v1.0.1 + pullPolicy: IfNotPresent + +plugin: + image: + repository: cloudscalech/cloudscale-csi-plugin + tag: v3.2.0 + pullPolicy: IfNotPresent + +driverRegistrar: + image: + repository: quay.io/k8scsi/csi-node-driver-registrar + tag: v2.0.1 + pullPolicy: IfNotPresent From 77f6f63cd3a3372dca19217be6de4dbd16e45601 Mon Sep 17 00:00:00 2001 From: Toni Tauro Date: Wed, 22 Jun 2022 10:56:08 +0200 Subject: [PATCH 02/46] fix(templates/sts/ds): keyref on existingSecret Signed-off-by: Toni Tauro --- charts/csi-cloudscale/templates/daemonset.yaml | 1 + charts/csi-cloudscale/templates/statefulset.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index a5470858..97056816 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -58,6 +58,7 @@ spec: secretKeyRef: {{- if .Values.cloudscale.token.existingSecret }} name: {{.Values.cloudscale.token.existingSecret }} + key: token {{- else }} name: {{ .Release.Name }}-cloudscale-token key: token diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index e5254cc1..38bfb36b 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -74,6 +74,7 @@ spec: secretKeyRef: {{- if .Values.cloudscale.token.existingSecret }} name: {{.Values.cloudscale.token.existingSecret }} + key: token {{- else }} name: {{ .Release.Name }}-cloudscale-token key: token From 71a5e474a7474e430ac20013f8b7ec2c5fdf7e32 Mon Sep 17 00:00:00 2001 From: Toni Tauro Date: Tue, 19 Jul 2022 21:13:27 +0200 Subject: [PATCH 03/46] fix(chart): some changes Signed-off-by: Toni Tauro --- charts/csi-cloudscale/Chart.yaml | 2 +- charts/csi-cloudscale/templates/daemonset.yaml | 2 +- charts/csi-cloudscale/templates/rbac.yaml | 6 +++--- charts/csi-cloudscale/templates/serviceaccount.yaml | 2 -- charts/csi-cloudscale/values.yaml | 2 +- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index 8c6f68db..23dafd5a 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: cloudscale-csi +name: csi-cloudscale description: A Container Storage Interface Driver for cloudscale.ch volumes. type: application version: 0.1.0 diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index 97056816..a6adc331 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -17,7 +17,7 @@ spec: serviceAccount: {{ .Release.Name }}-csi-cloudscale-node-sa hostNetwork: true containers: - - name: driver-registrar + - name: csi-node-driver-registrar image: {{ .Values.driverRegistrar.image.repository }}:{{ .Values.driverRegistrar.image.tag }} imagePullPolicy: {{ .Values.driverRegistrar.image.pullPolicy }} args: diff --git a/charts/csi-cloudscale/templates/rbac.yaml b/charts/csi-cloudscale/templates/rbac.yaml index da99081f..c303e600 100644 --- a/charts/csi-cloudscale/templates/rbac.yaml +++ b/charts/csi-cloudscale/templates/rbac.yaml @@ -74,7 +74,7 @@ rules: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-driver-registrar-role + name: {{ .Release.Name }}-csi-cloudscale-node-driver-registrar-role rules: - apiGroups: [""] resources: ["events"] @@ -122,12 +122,12 @@ roleRef: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-driver-registrar-binding + name: {{ .Release.Name }}-csi-cloudscale-node-driver-registrar-binding subjects: - kind: ServiceAccount name: {{ .Release.Name }}-csi-cloudscale-node-sa namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ .Release.Name }}-csi-cloudscale-driver-registrar-role + name: {{ .Release.Name }}-csi-cloudscale-node-driver-registrar-role apiGroup: rbac.authorization.k8s.io diff --git a/charts/csi-cloudscale/templates/serviceaccount.yaml b/charts/csi-cloudscale/templates/serviceaccount.yaml index a2b304b1..a25472d7 100644 --- a/charts/csi-cloudscale/templates/serviceaccount.yaml +++ b/charts/csi-cloudscale/templates/serviceaccount.yaml @@ -3,10 +3,8 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Release.Name }}-csi-cloudscale-controller-sa - namespace: {{ .Release.namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Release.Name }}-csi-cloudscale-node-sa - namespace: {{ .Release.namespace }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index deb047b3..ac4388d2 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -55,7 +55,7 @@ resizer: plugin: image: - repository: cloudscalech/cloudscale-csi-plugin + repository: quay.io/cloudscalech/cloudscale-csi-plugin tag: v3.2.0 pullPolicy: IfNotPresent From f09dcb28426e31e5efdbd63d50c96eec899de570 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 20 Jul 2022 09:39:54 +0200 Subject: [PATCH 04/46] Remove namespace key. --- charts/csi-cloudscale/templates/statefulset.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 38bfb36b..6e9fec07 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -3,7 +3,6 @@ kind: StatefulSet apiVersion: apps/v1 metadata: name: {{ .Release.Name }}-csi-cloudscale-controller - namespace: {{ .Release.namespace }} spec: serviceName: "csi-cloudscale" selector: From bc7889e8f105d84384af7b29f3b298cb6bb45c3e Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 20 Jul 2022 10:27:48 +0200 Subject: [PATCH 05/46] Use access-token as key (like in YAML based installation). --- charts/csi-cloudscale/templates/daemonset.yaml | 4 ++-- charts/csi-cloudscale/templates/secrets.yaml | 2 +- charts/csi-cloudscale/templates/statefulset.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index a6adc331..1a7ebf50 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -58,10 +58,10 @@ spec: secretKeyRef: {{- if .Values.cloudscale.token.existingSecret }} name: {{.Values.cloudscale.token.existingSecret }} - key: token + key: access-token {{- else }} name: {{ .Release.Name }}-cloudscale-token - key: token + key: access-token {{- end }} securityContext: privileged: true diff --git a/charts/csi-cloudscale/templates/secrets.yaml b/charts/csi-cloudscale/templates/secrets.yaml index a5f92812..95ac6175 100644 --- a/charts/csi-cloudscale/templates/secrets.yaml +++ b/charts/csi-cloudscale/templates/secrets.yaml @@ -6,5 +6,5 @@ metadata: name: {{ .Release.Name }}-cloudscale-token type: Opaque data: - token: {{ required "cloudscale.token.value is required" .Values.cloudscale.token.value | b64enc | quote }} + access-token: {{ required "cloudscale.token.value is required" .Values.cloudscale.token.value | b64enc | quote }} {{- end }} diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 6e9fec07..a49e58ac 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -73,10 +73,10 @@ spec: secretKeyRef: {{- if .Values.cloudscale.token.existingSecret }} name: {{.Values.cloudscale.token.existingSecret }} - key: token + key: access-token {{- else }} name: {{ .Release.Name }}-cloudscale-token - key: token + key: access-token {{- end }} imagePullPolicy: {{ .Values.plugin.image.pullPolicy }} volumeMounts: From 36ba97bb091c13dab47f0923037439d7655cfde7 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 20 Jul 2022 10:49:09 +0200 Subject: [PATCH 06/46] Extract "csi-cloudscale.api-token-name". --- .gitignore | 1 + charts/csi-cloudscale/templates/_helpers.tpl | 8 ++++++++ charts/csi-cloudscale/templates/daemonset.yaml | 7 +------ charts/csi-cloudscale/templates/secrets.yaml | 2 +- charts/csi-cloudscale/templates/statefulset.yaml | 7 +------ 5 files changed, 12 insertions(+), 13 deletions(-) create mode 100644 charts/csi-cloudscale/templates/_helpers.tpl diff --git a/.gitignore b/.gitignore index 6ea0da43..937e81e5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # IntelliJ IDEA / GoLand .idea *.iml +values.yaml cmd/cloudscale-csi-plugin/cloudscale-csi-plugin diff --git a/charts/csi-cloudscale/templates/_helpers.tpl b/charts/csi-cloudscale/templates/_helpers.tpl new file mode 100644 index 00000000..ecb4f7c2 --- /dev/null +++ b/charts/csi-cloudscale/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{/* Get API Token Name */}} +{{- define "csi-cloudscale.api-token-name" -}} +{{- if .Values.cloudscale.token.existingSecret -}} + {{ .Values.cloudscale.token.existingSecret }} +{{- else -}} + {{ .Release.Name }}-cloudscale-token +{{- end -}} +{{- end -}} diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index 1a7ebf50..bae54b29 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -56,13 +56,8 @@ spec: - name: CLOUDSCALE_ACCESS_TOKEN valueFrom: secretKeyRef: - {{- if .Values.cloudscale.token.existingSecret }} - name: {{.Values.cloudscale.token.existingSecret }} + name: {{ include "csi-cloudscale.api-token-name" . }} key: access-token - {{- else }} - name: {{ .Release.Name }}-cloudscale-token - key: access-token - {{- end }} securityContext: privileged: true capabilities: diff --git a/charts/csi-cloudscale/templates/secrets.yaml b/charts/csi-cloudscale/templates/secrets.yaml index 95ac6175..2fb597fb 100644 --- a/charts/csi-cloudscale/templates/secrets.yaml +++ b/charts/csi-cloudscale/templates/secrets.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Release.Name }}-cloudscale-token + name: {{ include "csi-cloudscale.api-token-name" . }} type: Opaque data: access-token: {{ required "cloudscale.token.value is required" .Values.cloudscale.token.value | b64enc | quote }} diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index a49e58ac..9b955c56 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -71,13 +71,8 @@ spec: - name: CLOUDSCALE_ACCESS_TOKEN valueFrom: secretKeyRef: - {{- if .Values.cloudscale.token.existingSecret }} - name: {{.Values.cloudscale.token.existingSecret }} + name: {{ include "csi-cloudscale.api-token-name" . }} key: access-token - {{- else }} - name: {{ .Release.Name }}-cloudscale-token - key: access-token - {{- end }} imagePullPolicy: {{ .Values.plugin.image.pullPolicy }} volumeMounts: - name: socket-dir From c729b37858a0c6e18b2c003bcc3c648ab01eb3c5 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 08:38:14 +0200 Subject: [PATCH 07/46] Add legacyName option to generate YAMLs for installation without helm. --- charts/csi-cloudscale/templates/_helpers.tpl | 11 ++++++- .../csi-cloudscale/templates/daemonset.yaml | 4 +-- charts/csi-cloudscale/templates/rbac.yaml | 32 +++++++++---------- .../templates/serviceaccount.yaml | 4 +-- .../csi-cloudscale/templates/statefulset.yaml | 4 +-- charts/csi-cloudscale/values.yaml | 1 + 6 files changed, 33 insertions(+), 23 deletions(-) diff --git a/charts/csi-cloudscale/templates/_helpers.tpl b/charts/csi-cloudscale/templates/_helpers.tpl index ecb4f7c2..4b0ea7f5 100644 --- a/charts/csi-cloudscale/templates/_helpers.tpl +++ b/charts/csi-cloudscale/templates/_helpers.tpl @@ -1,7 +1,16 @@ +{{/* Get Driver Name */}} +{{- define "csi-cloudscale.driver-name" -}} +{{- if .Values.legacyName -}} + csi-cloudscale +{{- else -}} + {{ .Release.Name }}-csi-cloudscale +{{- end -}} +{{- end -}} + {{/* Get API Token Name */}} {{- define "csi-cloudscale.api-token-name" -}} {{- if .Values.cloudscale.token.existingSecret -}} - {{ .Values.cloudscale.token.existingSecret }} + {{ .Values.cloudscale.token.existingSecret -}} {{- else -}} {{ .Release.Name }}-cloudscale-token {{- end -}} diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index bae54b29..c9bfa939 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -2,7 +2,7 @@ kind: DaemonSet apiVersion: apps/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-node + name: {{ include "csi-cloudscale.driver-name" . }}-node spec: selector: matchLabels: @@ -14,7 +14,7 @@ spec: role: csi-cloudscale spec: priorityClassName: system-node-critical - serviceAccount: {{ .Release.Name }}-csi-cloudscale-node-sa + serviceAccount: {{ include "csi-cloudscale.driver-name" . }}-node-sa hostNetwork: true containers: - name: csi-node-driver-registrar diff --git a/charts/csi-cloudscale/templates/rbac.yaml b/charts/csi-cloudscale/templates/rbac.yaml index c303e600..9dcbce87 100644 --- a/charts/csi-cloudscale/templates/rbac.yaml +++ b/charts/csi-cloudscale/templates/rbac.yaml @@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-provisioner-role + name: {{ include "csi-cloudscale.driver-name" . }}-provisioner-role rules: - apiGroups: [""] resources: ["persistentvolumes"] @@ -35,7 +35,7 @@ rules: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-attacher-role + name: {{ include "csi-cloudscale.driver-name" . }}-attacher-role rules: - apiGroups: [""] resources: ["persistentvolumes"] @@ -56,7 +56,7 @@ rules: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-resizer-role + name: {{ include "csi-cloudscale.driver-name" . }}-resizer-role rules: - apiGroups: [""] resources: ["persistentvolumes"] @@ -74,7 +74,7 @@ rules: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-node-driver-registrar-role + name: {{ include "csi-cloudscale.driver-name" . }}-node-driver-registrar-role rules: - apiGroups: [""] resources: ["events"] @@ -83,51 +83,51 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-provisioner-binding + name: {{ include "csi-cloudscale.driver-name" . }}-provisioner-binding subjects: - kind: ServiceAccount - name: {{ .Release.Name }}-csi-cloudscale-controller-sa + name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ .Release.Name }}-csi-cloudscale-provisioner-role + name: {{ include "csi-cloudscale.driver-name" . }}-provisioner-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-resizer-binding + name: {{ include "csi-cloudscale.driver-name" . }}-resizer-binding subjects: - kind: ServiceAccount - name: {{ .Release.Name }}-csi-cloudscale-controller-sa + name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ .Release.Name }}-csi-cloudscale-resizer-role + name: {{ include "csi-cloudscale.driver-name" . }}-resizer-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-attacher-binding + name: {{ include "csi-cloudscale.driver-name" . }}-attacher-binding subjects: - kind: ServiceAccount - name: {{ .Release.Name }}-csi-cloudscale-controller-sa + name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ .Release.Name }}-csi-cloudscale-attacher-role + name: {{ include "csi-cloudscale.driver-name" . }}-attacher-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-node-driver-registrar-binding + name: {{ include "csi-cloudscale.driver-name" . }}-node-driver-registrar-binding subjects: - kind: ServiceAccount - name: {{ .Release.Name }}-csi-cloudscale-node-sa + name: {{ include "csi-cloudscale.driver-name" . }}-node-sa namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ .Release.Name }}-csi-cloudscale-node-driver-registrar-role + name: {{ include "csi-cloudscale.driver-name" . }}-node-driver-registrar-role apiGroup: rbac.authorization.k8s.io diff --git a/charts/csi-cloudscale/templates/serviceaccount.yaml b/charts/csi-cloudscale/templates/serviceaccount.yaml index a25472d7..47f6cded 100644 --- a/charts/csi-cloudscale/templates/serviceaccount.yaml +++ b/charts/csi-cloudscale/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Release.Name }}-csi-cloudscale-controller-sa + name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Release.Name }}-csi-cloudscale-node-sa + name: {{ include "csi-cloudscale.driver-name" . }}-node-sa diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 9b955c56..8b7e7f99 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -2,7 +2,7 @@ kind: StatefulSet apiVersion: apps/v1 metadata: - name: {{ .Release.Name }}-csi-cloudscale-controller + name: {{ include "csi-cloudscale.driver-name" . }}-controller spec: serviceName: "csi-cloudscale" selector: @@ -17,7 +17,7 @@ spec: spec: hostNetwork: true priorityClassName: system-cluster-critical - serviceAccount: {{ .Release.Name }}-csi-cloudscale-controller-sa + serviceAccount: {{ include "csi-cloudscale.driver-name" . }}-controller-sa containers: - name: csi-provisioner image: {{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index ac4388d2..e03417ce 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -5,6 +5,7 @@ cloudscale: # existingSecret: installCRDs: false +legacyName: false csi: allowVolumeExpansion: true From 4ba632871295385597672048759eb3a71dbdc686 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 09:29:36 +0200 Subject: [PATCH 08/46] Add home property. --- charts/csi-cloudscale/Chart.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index 23dafd5a..7115b7f4 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -4,5 +4,6 @@ description: A Container Storage Interface Driver for cloudscale.ch volumes. type: application version: 0.1.0 appVersion: 3.2.0 +home: https://github.com/cloudscale-ch/csi-cloudscale sources: - https://github.com/cloudscale-ch/csi-cloudscale.git From 14aeea74844d2111ac3c53d6fabf76c893a504b8 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 12:08:53 +0200 Subject: [PATCH 09/46] Add bump-chart-version. --- Makefile | 9 +++++++++ README.md | 1 + 2 files changed, 10 insertions(+) diff --git a/Makefile b/Makefile index 169b840f..343c38bd 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,7 @@ LDFLAGS ?= -X github.com/cloudscale-ch/csi-cloudscale/driver.version=${VERSION} PKG ?= github.com/cloudscale-ch/csi-cloudscale/cmd/cloudscale-csi-plugin VERSION ?= $(shell cat VERSION) +CHART_VERSION ?= $(shell awk '/version:/ {print $$2}' charts/csi-cloudscale/Chart.yaml) DOCKER_REPO ?= quay.io/cloudscalech/cloudscale-csi-plugin all: check-unused test @@ -38,6 +39,14 @@ bump-version: @ echo '## unreleased\n' | cat - CHANGELOG.md > temp && mv temp CHANGELOG.md @rm README.md-e CHANGELOG.md-e deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml-e +.PHONY: bump-chart-version +bump-chart-version: + @[ "${NEW_CHART_VERSION}" ] || ( echo "NEW_CHART_VERSION must be set (ex. make NEW_CHART_VERSION=v1.x.x bump-version)"; exit 1 ) + @(echo ${NEW_CHART_VERSION} | grep -E "^v") || ( echo "NEW_CHART_VERSION must be a semver ('v' prefix is required)"; exit 1 ) + @echo "Bumping CHART_VERSION from $(CHART_VERSION) to $(NEW_CHART_VERSION)" + @sed -i'' -e 's/${CHART_VERSION:v%=%}/${NEW_CHART_VERSION:v%=%}/g' charts/csi-cloudscale/Chart.yaml + @rm charts/csi-cloudscale/Chart.yaml-e + .PHONY: compile compile: @echo "==> Building the project" diff --git a/README.md b/README.md index 69b06e4f..14642932 100644 --- a/README.md +++ b/README.md @@ -302,6 +302,7 @@ To release a new version bump first the version: ``` $ make NEW_VERSION=vX.Y.Z bump-version +$ make NEW_CHART_VERSION=vX.Y.Z bump-chart-version ``` Make sure everything looks good. Verify that the Kubernetes compatibility matrix is up-to-date. From b105a9efeeea3016959ac564c3e02bda43b2af2e Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 08:57:22 +0200 Subject: [PATCH 10/46] * Include helm files when bumping version. * Generate static yaml from helm. --- Makefile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 343c38bd..7d7e1618 100644 --- a/Makefile +++ b/Makefile @@ -31,13 +31,14 @@ bump-version: @(echo ${NEW_VERSION} | grep -E "^v") || ( echo "NEW_VERSION must be a semver ('v' prefix is required)"; exit 1 ) @echo "Bumping VERSION from $(VERSION) to $(NEW_VERSION)" @echo $(NEW_VERSION) > VERSION - @cp deploy/kubernetes/releases/csi-cloudscale-${VERSION}.yaml deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml - @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' README.md + @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' charts/csi-cloudscale/values.yaml + @sed -i'' -e 's/${VERSION:v%=%}/${NEW_VERSION:v%=%}/g' charts/csi-cloudscale/Chart.yaml + @helm install csi-cloudscale --dry-run -n kube-system --set legacyName=true ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml $(eval NEW_DATE = $(shell date +%Y.%m.%d)) @sed -i'' -e 's/## unreleased/## ${NEW_VERSION} - ${NEW_DATE}/g' CHANGELOG.md @ echo '## unreleased\n' | cat - CHANGELOG.md > temp && mv temp CHANGELOG.md - @rm README.md-e CHANGELOG.md-e deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml-e + @rm README.md-e CHANGELOG.md-e charts/csi-cloudscale/Chart.yaml-e charts/csi-cloudscale/values.yaml-e .PHONY: bump-chart-version bump-chart-version: @@ -93,3 +94,6 @@ vendor: clean: @echo "==> Cleaning releases" @GOOS=${OS} go clean -i -x ./... + +debug: + @echo ${VERSION:v%=%} From 34df274d8267a319d01b0cfff3a957bda90507af Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 12:52:42 +0200 Subject: [PATCH 11/46] Allow setting the resources property. --- .../csi-cloudscale/templates/daemonset.yaml | 8 +++++ .../csi-cloudscale/templates/statefulset.yaml | 16 +++++++++ charts/csi-cloudscale/values.yaml | 35 +++++++++++++++++++ 3 files changed, 59 insertions(+) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index c9bfa939..3b8aad04 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -37,6 +37,10 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + {{- with .Values.driverRegistrar.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} volumeMounts: - name: plugin-dir mountPath: /csi/ @@ -48,6 +52,10 @@ spec: args : - "--endpoint=$(CSI_ENDPOINT)" - "--url=$(CLOUDSCALE_API_URL)" + {{- with .Values.plugin.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 8b7e7f99..448a2624 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -26,6 +26,10 @@ spec: - "--csi-address=$(ADDRESS)" - "--default-fstype=ext4" - "--v=5" + {{- with .Values.provisioner.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -38,6 +42,10 @@ spec: args: - "--v=5" - "--csi-address=$(ADDRESS)" + {{- with .Values.attacher.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -51,6 +59,10 @@ spec: - "--timeout=30s" - "--v=5" - "--handle-volume-inuse-error=false" + {{- with .Values.resizer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -63,6 +75,10 @@ spec: args : - "--endpoint=$(CSI_ENDPOINT)" - "--url=$(CLOUDSCALE_API_URL)" + {{- with .Values.plugin.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index e03417ce..2d0dcd41 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -41,27 +41,62 @@ provisioner: repository: quay.io/k8scsi/csi-provisioner tag: v2.0.4 pullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi attacher: image: repository: quay.io/k8scsi/csi-attacher tag: v3.0.2 pullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi resizer: image: repository: quay.io/k8scsi/csi-resizer tag: v1.0.1 pullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi plugin: image: repository: quay.io/cloudscalech/cloudscale-csi-plugin tag: v3.2.0 pullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi driverRegistrar: image: repository: quay.io/k8scsi/csi-node-driver-registrar tag: v2.0.1 pullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi From 88752c05c51b084640027504d1977d3a7fa9b73f Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 14:00:09 +0200 Subject: [PATCH 12/46] Add extradeploy.yaml. --- .gitignore | 1 + README.md | 7 +++++++ charts/csi-cloudscale/Chart.lock | 6 ++++++ charts/csi-cloudscale/Chart.yaml | 4 ++++ charts/csi-cloudscale/templates/extradeploy.yaml | 4 ++++ charts/csi-cloudscale/values.yaml | 2 ++ 6 files changed, 24 insertions(+) create mode 100644 charts/csi-cloudscale/Chart.lock create mode 100644 charts/csi-cloudscale/templates/extradeploy.yaml diff --git a/.gitignore b/.gitignore index 937e81e5..1edb61b3 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,6 @@ .idea *.iml values.yaml +charts/csi-cloudscale/charts cmd/cloudscale-csi-plugin/cloudscale-csi-plugin diff --git a/README.md b/README.md index 14642932..4c086036 100644 --- a/README.md +++ b/README.md @@ -268,6 +268,13 @@ Note that there are currently the following hard-limits per Node: Requirements: * Go: min `v1.10.x` +* Helm + +Build out the charts/ directory from the Chart.lock file: + +``` +$ helm dependency build charts/csi-cloudscale +``` After making your changes, run the unit tests: diff --git a/charts/csi-cloudscale/Chart.lock b/charts/csi-cloudscale/Chart.lock new file mode 100644 index 00000000..b3c016ca --- /dev/null +++ b/charts/csi-cloudscale/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.17.1 +digest: sha256:c9dc9bde4c38cea08319ae9f4583b58ae3494d9d5ccedfa53fcd8661df127d1f +generated: "2022-08-18T13:40:45.580796+02:00" diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index 7115b7f4..e364dbde 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -7,3 +7,7 @@ appVersion: 3.2.0 home: https://github.com/cloudscale-ch/csi-cloudscale sources: - https://github.com/cloudscale-ch/csi-cloudscale.git +dependencies: + - name: common + version: 1.17.1 + repository: https://charts.bitnami.com/bitnami diff --git a/charts/csi-cloudscale/templates/extradeploy.yaml b/charts/csi-cloudscale/templates/extradeploy.yaml new file mode 100644 index 00000000..9ac65f9e --- /dev/null +++ b/charts/csi-cloudscale/templates/extradeploy.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 2d0dcd41..4dc0465d 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -100,3 +100,5 @@ driverRegistrar: # requests: # cpu: 100m # memory: 128Mi + +extraDeploy: [] From 0d0580726f359bf41bdf08c1f98ba7c0f423bb58 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 14:39:56 +0200 Subject: [PATCH 13/46] Use nameOverride instead of legacyName. --- Makefile | 2 +- charts/csi-cloudscale/templates/_helpers.tpl | 4 ++-- charts/csi-cloudscale/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 7d7e1618..1dbf7679 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ bump-version: @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' README.md @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' charts/csi-cloudscale/values.yaml @sed -i'' -e 's/${VERSION:v%=%}/${NEW_VERSION:v%=%}/g' charts/csi-cloudscale/Chart.yaml - @helm install csi-cloudscale --dry-run -n kube-system --set legacyName=true ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml + @helm install csi-cloudscale --dry-run -n kube-system --set nameOverride=csi-cloudscale ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml $(eval NEW_DATE = $(shell date +%Y.%m.%d)) @sed -i'' -e 's/## unreleased/## ${NEW_VERSION} - ${NEW_DATE}/g' CHANGELOG.md @ echo '## unreleased\n' | cat - CHANGELOG.md > temp && mv temp CHANGELOG.md diff --git a/charts/csi-cloudscale/templates/_helpers.tpl b/charts/csi-cloudscale/templates/_helpers.tpl index 4b0ea7f5..6bdbba0d 100644 --- a/charts/csi-cloudscale/templates/_helpers.tpl +++ b/charts/csi-cloudscale/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Get Driver Name */}} {{- define "csi-cloudscale.driver-name" -}} -{{- if .Values.legacyName -}} - csi-cloudscale +{{- if .Values.nameOverride -}} + {{ .Values.nameOverride }} {{- else -}} {{ .Release.Name }}-csi-cloudscale {{- end -}} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 4dc0465d..19cd4036 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -5,7 +5,7 @@ cloudscale: # existingSecret: installCRDs: false -legacyName: false +nameOverride: csi: allowVolumeExpansion: true From 384a5d620177df7bea85dee10f09079a27fd7ee0 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 15:02:27 +0200 Subject: [PATCH 14/46] Separate values for controller and node. --- .../csi-cloudscale/templates/daemonset.yaml | 6 +++--- .../csi-cloudscale/templates/statefulset.yaml | 6 +++--- charts/csi-cloudscale/values.yaml | 19 +++++++++++++++---- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index 3b8aad04..c67c053a 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -47,12 +47,12 @@ spec: - name: registration-dir mountPath: /registration/ - name: csi-cloudscale-plugin - image: {{ .Values.plugin.image.repository }}:{{ .Values.plugin.image.tag }} - imagePullPolicy: {{ .Values.plugin.image.pullPolicy }} + image: {{ .Values.node.image.repository }}:{{ .Values.node.image.tag }} + imagePullPolicy: {{ .Values.node.image.pullPolicy }} args : - "--endpoint=$(CSI_ENDPOINT)" - "--url=$(CLOUDSCALE_API_URL)" - {{- with .Values.plugin.resources }} + {{- with .Values.node.resources }} resources: {{ toYaml . | indent 12 }} {{- end }} diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 448a2624..fd25a5b1 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -71,11 +71,11 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-cloudscale-plugin - image: {{ .Values.plugin.image.repository }}:{{ .Values.plugin.image.tag }} + image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} args : - "--endpoint=$(CSI_ENDPOINT)" - "--url=$(CLOUDSCALE_API_URL)" - {{- with .Values.plugin.resources }} + {{- with .Values.controller.resources }} resources: {{ toYaml . | indent 12 }} {{- end }} @@ -89,7 +89,7 @@ spec: secretKeyRef: name: {{ include "csi-cloudscale.api-token-name" . }} key: access-token - imagePullPolicy: {{ .Values.plugin.image.pullPolicy }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 19cd4036..6e7bb6ae 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -32,9 +32,6 @@ csi: cipher: aes-xts-plain64 keySize: 512 -controller: - replicas: 1 - provisioner: name: csi.cloudscale.ch image: @@ -75,7 +72,21 @@ resizer: # cpu: 100m # memory: 128Mi -plugin: +controller: + replicas: 1 + image: + repository: quay.io/cloudscalech/cloudscale-csi-plugin + tag: v3.2.0 + pullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +node: image: repository: quay.io/cloudscalech/cloudscale-csi-plugin tag: v3.2.0 From e9efd469bc93ac35157383ccd4344467923ff17b Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 15:14:57 +0200 Subject: [PATCH 15/46] Make it possible to inject the service account names. --- charts/csi-cloudscale/templates/_helpers.tpl | 18 ++++++++++++++++++ charts/csi-cloudscale/templates/daemonset.yaml | 2 +- charts/csi-cloudscale/templates/rbac.yaml | 8 ++++---- .../templates/serviceaccount.yaml | 4 ++-- .../csi-cloudscale/templates/statefulset.yaml | 2 +- charts/csi-cloudscale/values.yaml | 2 ++ 6 files changed, 28 insertions(+), 8 deletions(-) diff --git a/charts/csi-cloudscale/templates/_helpers.tpl b/charts/csi-cloudscale/templates/_helpers.tpl index 6bdbba0d..4a3c9519 100644 --- a/charts/csi-cloudscale/templates/_helpers.tpl +++ b/charts/csi-cloudscale/templates/_helpers.tpl @@ -15,3 +15,21 @@ {{ .Release.Name }}-cloudscale-token {{- end -}} {{- end -}} + +{{/* Get Controller Service Account Name*/}} +{{- define "csi-cloudscale.controller-service-account-name" -}} +{{- if .Values.controller.serviceAccountName -}} + {{ .Values.controller.serviceAccountName }} +{{- else -}} + {{ include "csi-cloudscale.driver-name" . }}-controller-sa +{{- end -}} +{{- end -}} + +{{/* Get Node Service Account Name*/}} +{{- define "csi-cloudscale.node-service-account-name" -}} +{{- if .Values.node.serviceAccountName -}} + {{ .Values.node.serviceAccountName }} +{{- else -}} + {{ include "csi-cloudscale.driver-name" . }}-node-sa +{{- end -}} +{{- end -}} diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index c67c053a..f8e20ea2 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -14,7 +14,7 @@ spec: role: csi-cloudscale spec: priorityClassName: system-node-critical - serviceAccount: {{ include "csi-cloudscale.driver-name" . }}-node-sa + serviceAccount: {{ include "csi-cloudscale.node-service-account-name" . }} hostNetwork: true containers: - name: csi-node-driver-registrar diff --git a/charts/csi-cloudscale/templates/rbac.yaml b/charts/csi-cloudscale/templates/rbac.yaml index 9dcbce87..1c833f62 100644 --- a/charts/csi-cloudscale/templates/rbac.yaml +++ b/charts/csi-cloudscale/templates/rbac.yaml @@ -86,7 +86,7 @@ metadata: name: {{ include "csi-cloudscale.driver-name" . }}-provisioner-binding subjects: - kind: ServiceAccount - name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa + name: {{ include "csi-cloudscale.controller-service-account-name" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole @@ -99,7 +99,7 @@ metadata: name: {{ include "csi-cloudscale.driver-name" . }}-resizer-binding subjects: - kind: ServiceAccount - name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa + name: {{ include "csi-cloudscale.controller-service-account-name" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole @@ -112,7 +112,7 @@ metadata: name: {{ include "csi-cloudscale.driver-name" . }}-attacher-binding subjects: - kind: ServiceAccount - name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa + name: {{ include "csi-cloudscale.controller-service-account-name" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole @@ -125,7 +125,7 @@ metadata: name: {{ include "csi-cloudscale.driver-name" . }}-node-driver-registrar-binding subjects: - kind: ServiceAccount - name: {{ include "csi-cloudscale.driver-name" . }}-node-sa + name: {{ include "csi-cloudscale.node-service-account-name" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole diff --git a/charts/csi-cloudscale/templates/serviceaccount.yaml b/charts/csi-cloudscale/templates/serviceaccount.yaml index 47f6cded..cd0f24e5 100644 --- a/charts/csi-cloudscale/templates/serviceaccount.yaml +++ b/charts/csi-cloudscale/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "csi-cloudscale.driver-name" . }}-controller-sa + name: {{ include "csi-cloudscale.controller-service-account-name" . }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "csi-cloudscale.driver-name" . }}-node-sa + name: {{ include "csi-cloudscale.node-service-account-name" . }} diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index fd25a5b1..d343640d 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -17,7 +17,7 @@ spec: spec: hostNetwork: true priorityClassName: system-cluster-critical - serviceAccount: {{ include "csi-cloudscale.driver-name" . }}-controller-sa + serviceAccount: {{ include "csi-cloudscale.controller-service-account-name" . }} containers: - name: csi-provisioner image: {{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 6e7bb6ae..12630341 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -78,6 +78,7 @@ controller: repository: quay.io/cloudscalech/cloudscale-csi-plugin tag: v3.2.0 pullPolicy: IfNotPresent + serviceAccountName: resources: {} # limits: # cpu: 100m @@ -91,6 +92,7 @@ node: repository: quay.io/cloudscalech/cloudscale-csi-plugin tag: v3.2.0 pullPolicy: IfNotPresent + serviceAccountName: resources: {} # limits: # cpu: 100m From d362431496bc93ee75dcc539defef9423a6cfe51 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 14:44:11 +0200 Subject: [PATCH 16/46] Remove ability to store cloudscale.ch API token as value. --- charts/csi-cloudscale/templates/_helpers.tpl | 6 +----- charts/csi-cloudscale/templates/secrets.yaml | 10 ---------- charts/csi-cloudscale/values.yaml | 3 +-- 3 files changed, 2 insertions(+), 17 deletions(-) delete mode 100644 charts/csi-cloudscale/templates/secrets.yaml diff --git a/charts/csi-cloudscale/templates/_helpers.tpl b/charts/csi-cloudscale/templates/_helpers.tpl index 4a3c9519..4aaeda27 100644 --- a/charts/csi-cloudscale/templates/_helpers.tpl +++ b/charts/csi-cloudscale/templates/_helpers.tpl @@ -9,11 +9,7 @@ {{/* Get API Token Name */}} {{- define "csi-cloudscale.api-token-name" -}} -{{- if .Values.cloudscale.token.existingSecret -}} - {{ .Values.cloudscale.token.existingSecret -}} -{{- else -}} - {{ .Release.Name }}-cloudscale-token -{{- end -}} +{{ required "cloudscale.token.existingSecret" .Values.cloudscale.token.existingSecret }} {{- end -}} {{/* Get Controller Service Account Name*/}} diff --git a/charts/csi-cloudscale/templates/secrets.yaml b/charts/csi-cloudscale/templates/secrets.yaml deleted file mode 100644 index 2fb597fb..00000000 --- a/charts/csi-cloudscale/templates/secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.cloudscale.token.existingSecret }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "csi-cloudscale.api-token-name" . }} -type: Opaque -data: - access-token: {{ required "cloudscale.token.value is required" .Values.cloudscale.token.value | b64enc | quote }} -{{- end }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 12630341..6cbb1cc1 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -1,8 +1,7 @@ cloudscale: apiUrl: https://api.cloudscale.ch/ token: - value: "secret" - # existingSecret: + existingSecret: cloudscale installCRDs: false nameOverride: From 1d1dab36cd4d2cb5fefe8e1c0c334f3c7e2abb43 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 17 Aug 2022 16:06:40 +0200 Subject: [PATCH 17/46] Readme Notes --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 4c086036..07266bd5 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,15 @@ $ kubectl exec -ti my-csi-app /bin/sh hello-world ``` +## Installing Using helm + +``` +helm install -n kube-system -g ./charts/csi-cloudscale + +helm template csi-cloudscale --dry-run -n kube-system --set nameOverride=csi-cloudscale charts/csi-cloudscale | kubectl-slice -f - -o deploy/kubernetes/releases/generated +kubectl-slice -f deploy/kubernetes/releases/csi-cloudscale-v6.0.0.yaml -o deploy/kubernetes/releases/v3 +``` + ## Upgrading ### From csi-cloudscale v1.x to v2.x From e28dc943c48c398d7915bdb6d3beab5c94f3d635 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 16:00:17 +0200 Subject: [PATCH 18/46] Restore original ordering. --- charts/csi-cloudscale/templates/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index d343640d..d6e561f7 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -40,8 +40,8 @@ spec: image: {{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }} imagePullPolicy: {{ .Values.attacher.image.pullPolicy }} args: - - "--v=5" - "--csi-address=$(ADDRESS)" + - "--v=5" {{- with .Values.attacher.resources }} resources: {{ toYaml . | indent 12 }} From 8c789a9b1fdd1526997de022eb7846f196caf715 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 16:06:02 +0200 Subject: [PATCH 19/46] Quotes recommended. --- charts/csi-cloudscale/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index e364dbde..ce589449 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -3,7 +3,7 @@ name: csi-cloudscale description: A Container Storage Interface Driver for cloudscale.ch volumes. type: application version: 0.1.0 -appVersion: 3.2.0 +appVersion: "3.2.0" home: https://github.com/cloudscale-ch/csi-cloudscale sources: - https://github.com/cloudscale-ch/csi-cloudscale.git From 6907e95ec695cd898b7588e6661d2e1e19850325 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 18 Aug 2022 16:34:43 +0200 Subject: [PATCH 20/46] Remove crds. The chart does not support driver versions that required it. --- charts/csi-cloudscale/templates/crds.yaml | 40 ----------------------- charts/csi-cloudscale/values.yaml | 1 - 2 files changed, 41 deletions(-) delete mode 100644 charts/csi-cloudscale/templates/crds.yaml diff --git a/charts/csi-cloudscale/templates/crds.yaml b/charts/csi-cloudscale/templates/crds.yaml deleted file mode 100644 index a8acb2f0..00000000 --- a/charts/csi-cloudscale/templates/crds.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.installCRDs }} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: csinodeinfos.csi.storage.k8s.io -spec: - group: csi.storage.k8s.io - names: - kind: CSINodeInfo - plural: csinodeinfos - scope: Cluster - validation: - openAPIV3Schema: - properties: - csiDrivers: - description: List of CSI drivers running on the node and their properties. - items: - properties: - driver: - description: The CSI driver that this object refers to. - type: string - nodeID: - description: The node from the driver point of view. - type: string - topologyKeys: - description: List of keys supported by the driver. - items: - type: string - type: array - type: array - version: v1alpha1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 6cbb1cc1..aa68ea77 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -3,7 +3,6 @@ cloudscale: token: existingSecret: cloudscale -installCRDs: false nameOverride: csi: From c59de9e3c610f25c490781d04871077dece3688d Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 24 Aug 2022 08:45:36 +0200 Subject: [PATCH 21/46] Use helm for the dev release. --- README.md | 2 +- deploy/integration_test.yml | 27 +- .../releases/csi-cloudscale-dev.yaml | 448 ------------------ 3 files changed, 20 insertions(+), 457 deletions(-) delete mode 100644 deploy/kubernetes/releases/csi-cloudscale-dev.yaml diff --git a/README.md b/README.md index 07266bd5..265026d1 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ $ kubectl apply -f https://raw.githubusercontent.com/cloudscale-ch/csi-cloudscal There are also `dev` images available: ``` -$ kubectl apply -f https://raw.githubusercontent.com/cloudscale-ch/csi-cloudscale/master/deploy/kubernetes/releases/csi-cloudscale-dev.yaml +$ helm install -g -n kube-system --set controller.image.tag=dev --set node.image.tag=dev ./charts/csi-cloudscale ``` The storage classes `cloudscale-volume-ssd` and `cloudscale-volume-bulk` will be created. The diff --git a/deploy/integration_test.yml b/deploy/integration_test.yml index 794067de..5ff6af28 100644 --- a/deploy/integration_test.yml +++ b/deploy/integration_test.yml @@ -56,9 +56,9 @@ yum: name: cryptsetup -- name: Include the play that installs kubernetes - tags: [install-kubernetes] - import_playbook: kubespray/cluster.yml +#- name: Include the play that installs kubernetes +# tags: [install-kubernetes] +# import_playbook: kubespray/cluster.yml - hosts: kube-master vars: @@ -87,13 +87,24 @@ debug: msg: "{{ secret_output.stdout_lines }}" - - name: Copy default cloudscale-csi config to kubernetes + # It would be nice to install helm using the tasks/roles in kubepsray, + # but I could not get it working. + - name: Get Helm installer + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + dest: "./get_helm.sh" + mode: '0700' + + - name: Install Helm + shell: "./get_helm.sh" + + - name: Copy chart copy: - src: "kubernetes/releases/csi-cloudscale-{{ version }}.yaml" - dest: "{{ config_file }}" + src: "../charts/csi-cloudscale" + dest: "charts" - - name: Apply default cloudscale-csi config to kubernetes - shell: "kubectl apply -f {{ config_file }}" + - name: Install csi-driver + shell: "helm install -g -n kube-system --set controller.image.tag={{ version }} --set node.image.tag={{ version }} ./charts/csi-cloudscale" - name: Copy kubernetes config to localhost fetch: diff --git a/deploy/kubernetes/releases/csi-cloudscale-dev.yaml b/deploy/kubernetes/releases/csi-cloudscale-dev.yaml deleted file mode 100644 index 33b94601..00000000 --- a/deploy/kubernetes/releases/csi-cloudscale-dev.yaml +++ /dev/null @@ -1,448 +0,0 @@ -# Copyright cloudscale.ch -# Copyright 2020 DigitalOcean -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Install the CSI Driver. This simplifies driver discovery and enables us to -# customize Kubernetes behavior -# https://kubernetes-csi.github.io/docs/csi-driver-object.html -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: csi.cloudscale.ch -spec: - attachRequired: true - podInfoOnMount: true - ---- - -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: cloudscale-volume-ssd - namespace: kube-system - annotations: - storageclass.kubernetes.io/is-default-class: "true" -provisioner: csi.cloudscale.ch -allowVolumeExpansion: true -parameters: - csi.cloudscale.ch/volume-type: ssd - ---- - -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: cloudscale-volume-bulk - namespace: kube-system -provisioner: csi.cloudscale.ch -allowVolumeExpansion: true -parameters: - csi.cloudscale.ch/volume-type: bulk - ---- - -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: cloudscale-volume-ssd-luks - namespace: kube-system -provisioner: csi.cloudscale.ch -allowVolumeExpansion: true -parameters: - csi.cloudscale.ch/volume-type: ssd - csi.cloudscale.ch/luks-encrypted: "true" - csi.cloudscale.ch/luks-cipher: "aes-xts-plain64" - csi.cloudscale.ch/luks-key-size: "512" - csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace} - csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key - ---- - -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: cloudscale-volume-bulk-luks - namespace: kube-system -provisioner: csi.cloudscale.ch -allowVolumeExpansion: true -parameters: - csi.cloudscale.ch/volume-type: bulk - csi.cloudscale.ch/luks-encrypted: "true" - csi.cloudscale.ch/luks-cipher: "aes-xts-plain64" - csi.cloudscale.ch/luks-key-size: "512" - csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace} - csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key - ---- - -############################################## -########### ############ -########### Controller plugin ############ -########### ############ -############################################## - -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-cloudscale-controller - namespace: kube-system -spec: - serviceName: "csi-cloudscale" - selector: - matchLabels: - app: csi-cloudscale-controller - replicas: 1 - template: - metadata: - labels: - app: csi-cloudscale-controller - role: csi-cloudscale - spec: - hostNetwork: true - priorityClassName: system-cluster-critical - serviceAccount: csi-cloudscale-controller-sa - containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v2.0.4 - args: - - "--csi-address=$(ADDRESS)" - - "--default-fstype=ext4" - - "--v=5" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v3.0.2 - args: - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v1.0.1 - args: - - "--csi-address=$(ADDRESS)" - - "--timeout=30s" - - "--v=5" - # cloudscale.ch volumes support online resize. - - "--handle-volume-inuse-error=false" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-cloudscale-plugin - image: quay.io/cloudscalech/cloudscale-csi-plugin:dev - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--url=$(CLOUDSCALE_API_URL)" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: CLOUDSCALE_API_URL - value: https://api.cloudscale.ch/ - - name: CLOUDSCALE_ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: cloudscale - key: access-token - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} - ---- - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: csi-cloudscale-controller-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "csinodes" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [ "" ] - resources: [ "nodes" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-cloudscale-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-cloudscale-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- -# Attacher must be able to work with PVs, nodes and VolumeAttachments -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-attacher-binding -subjects: - - kind: ServiceAccount - name: csi-cloudscale-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-cloudscale-attacher-role - apiGroup: rbac.authorization.k8s.io - ---- - -# Resizer must be able to work with PVCs, PVs, SCs. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-resizer-binding -subjects: - - kind: ServiceAccount - name: csi-cloudscale-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-cloudscale-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -######################################## -########### ############ -########### Node plugin ############ -########### ############ -######################################## - -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-cloudscale-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-cloudscale-node - template: - metadata: - labels: - app: csi-cloudscale-node - role: csi-cloudscale - spec: - priorityClassName: system-node-critical - serviceAccount: csi-cloudscale-node-sa - hostNetwork: true - containers: - - name: csi-node-driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/csi.cloudscale.ch /registration/csi.cloudscale.ch-reg.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/csi.cloudscale.ch/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi/ - - name: registration-dir - mountPath: /registration/ - - name: csi-cloudscale-plugin - image: quay.io/cloudscalech/cloudscale-csi-plugin:dev - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--url=$(CLOUDSCALE_API_URL)" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: CLOUDSCALE_API_URL - value: https://api.cloudscale.ch/ - - name: CLOUDSCALE_ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: cloudscale - key: access-token - imagePullPolicy: "Always" - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. - mountPropagation: "Bidirectional" - - name: device-dir - mountPath: /dev - - name: tmpfs - mountPath: /tmp - volumes: - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/csi.cloudscale.ch - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: device-dir - hostPath: - path: /dev - # to make sure temporary stored luks keys never touch a disk - - name: tmpfs - emptyDir: - medium: Memory - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-cloudscale-node-sa - namespace: kube-system - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-node-driver-registrar-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cloudscale-node-driver-registrar-binding -subjects: - - kind: ServiceAccount - name: csi-cloudscale-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-cloudscale-node-driver-registrar-role - apiGroup: rbac.authorization.k8s.io From c5280d35f730561c92626dee3bbd9e823acb705e Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 24 Aug 2022 08:55:14 +0200 Subject: [PATCH 22/46] * Use new group names. * Fix some things releated to kubepsray. --- deploy/README.rst | 4 +++- deploy/integration_test.yml | 10 ++++++---- deploy/inventory/hosts.ini | 23 +++++------------------ deploy/kubespray | 2 +- 4 files changed, 15 insertions(+), 24 deletions(-) diff --git a/deploy/README.rst b/deploy/README.rst index 0077799e..e83673e3 100644 --- a/deploy/README.rst +++ b/deploy/README.rst @@ -9,11 +9,13 @@ deploy kubernetes:: python3 -m venv venv . venv/bin/activate + # or requirements-{VERSION}.txt, see https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ansible.md#ansible-python-compatibility pip install -r kubespray/requirements.txt + cd kubespray/ After this you run:: - CLOUDSCALE_TOKEN="foobar" ansible-playbook integration_test.yml -i inventory/hosts.ini + CLOUDSCALE_TOKEN="foobar" ansible-playbook ../integration_test.yml -i inventory/hosts.ini to install kubernetes on cloudscale.ch and run the integration tests. The playbook will also clean up VMs after the test. diff --git a/deploy/integration_test.yml b/deploy/integration_test.yml index 5ff6af28..4edef63b 100644 --- a/deploy/integration_test.yml +++ b/deploy/integration_test.yml @@ -34,8 +34,9 @@ hostname: "{{ created_servers.results[0].name }}" ansible_ssh_host: "{{ created_servers.results[0].interfaces[0].addresses[0].address }}" groups: - - kube-master + - kube_control_plane - etcd + - k8s_cluster ansible_user: 'root' - name: Register nodes in inventory @@ -43,13 +44,14 @@ hostname: "{{ item.name }}" ansible_ssh_host: "{{ item.interfaces[0].addresses[0].address }}" groups: - - kube-node + - kube_node + - k8s_cluster ansible_user: 'root' loop: ["{{ created_servers.results[1] }}", "{{ created_servers.results[2] }}"] # this is not needed for the plugin or the integration tests to work, but helps if you want # to take a closer look at the LUKS volumes with SSH on a node -- hosts: k8s-cluster +- hosts: k8s_cluster tags: [install-cryptsetup] tasks: - name: "Install cryptsetup on nodes" @@ -60,7 +62,7 @@ # tags: [install-kubernetes] # import_playbook: kubespray/cluster.yml -- hosts: kube-master +- hosts: kube_control_plane vars: cloudscale_api_token: "{{ lookup('env','CLOUDSCALE_TOKEN') }}" secret_file: 'secret.yml' diff --git a/deploy/inventory/hosts.ini b/deploy/inventory/hosts.ini index 1e5c1b1c..38416399 100644 --- a/deploy/inventory/hosts.ini +++ b/deploy/inventory/hosts.ini @@ -1,17 +1,4 @@ -# ## Configure 'ip' variable to bind kubernetes services on a -# ## different ip than the default iface -# ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value. -# node1 ansible_host=95.54.0.12 # ip=10.3.0.1 etcd_member_name=etcd1 -# node2 ansible_host=95.54.0.13 # ip=10.3.0.2 etcd_member_name=etcd2 -# node3 ansible_host=95.54.0.14 # ip=10.3.0.3 etcd_member_name=etcd3 -# node4 ansible_host=95.54.0.15 # ip=10.3.0.4 etcd_member_name=etcd4 -# node5 ansible_host=95.54.0.16 # ip=10.3.0.5 etcd_member_name=etcd5 -# node6 ansible_host=95.54.0.17 # ip=10.3.0.6 etcd_member_name=etcd6 - -# ## configure a bastion host if your nodes are not directly reachable -# bastion ansible_host=x.x.x.x ansible_user=some_user - -[kube-master] +[kube_control_plane] # node1 # node2 @@ -20,13 +7,13 @@ # node2 # node3 -[kube-node] +[kube_node] # node2 # node3 # node4 # node5 # node6 -[k8s-cluster:children] -kube-master -kube-node +[k8s_cluster:children] +kube_node +kube_control_plane diff --git a/deploy/kubespray b/deploy/kubespray index 92f25bf2..1f65e6d3 160000 --- a/deploy/kubespray +++ b/deploy/kubespray @@ -1 +1 @@ -Subproject commit 92f25bf267ffd3393f6caffa588169d3a44a799c +Subproject commit 1f65e6d3b5752f9a64d3038e45d705f272acae58 From a5122bf4767e5c1327644fd8f01850e749f4de29 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 24 Aug 2022 09:51:26 +0200 Subject: [PATCH 23/46] Add max_csi_volumes_per_node to chart. --- charts/csi-cloudscale/templates/daemonset.yaml | 2 ++ charts/csi-cloudscale/values.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index f8e20ea2..f7f835bc 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -61,6 +61,8 @@ spec: value: unix:///csi/csi.sock - name: CLOUDSCALE_API_URL value: {{ .Values.cloudscale.apiUrl }} + - name: CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE + value: {{ .Values.node.max_csi_volumes_per_node }} - name: CLOUDSCALE_ACCESS_TOKEN valueFrom: secretKeyRef: diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index aa68ea77..bcc38302 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -90,6 +90,7 @@ node: repository: quay.io/cloudscalech/cloudscale-csi-plugin tag: v3.2.0 pullPolicy: IfNotPresent + max_csi_volumes_per_node: serviceAccountName: resources: {} # limits: From eac46a4942d6c4c5462ed7863cd71bb509c6ce8d Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 24 Aug 2022 11:21:47 +0200 Subject: [PATCH 24/46] Replace 'install --dry-run' with 'template' --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1dbf7679..82fa87f1 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ bump-version: @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' README.md @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' charts/csi-cloudscale/values.yaml @sed -i'' -e 's/${VERSION:v%=%}/${NEW_VERSION:v%=%}/g' charts/csi-cloudscale/Chart.yaml - @helm install csi-cloudscale --dry-run -n kube-system --set nameOverride=csi-cloudscale ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml + @helm template csi-cloudscale -n kube-system --set nameOverride=csi-cloudscale ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml $(eval NEW_DATE = $(shell date +%Y.%m.%d)) @sed -i'' -e 's/## unreleased/## ${NEW_VERSION} - ${NEW_DATE}/g' CHANGELOG.md @ echo '## unreleased\n' | cat - CHANGELOG.md > temp && mv temp CHANGELOG.md From bcc779e4c04bf3cdb489315cc514c84745849161 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 24 Aug 2022 11:24:00 +0200 Subject: [PATCH 25/46] Setup chart-releaser. --- .github/workflows/release-chart.yml | 36 +++++++++++++++++++++++++++++ charts/csi-cloudscale/Chart.yaml | 3 ++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/release-chart.yml diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml new file mode 100644 index 00000000..d9732256 --- /dev/null +++ b/.github/workflows/release-chart.yml @@ -0,0 +1,36 @@ +name: Release Charts + +on: + push: + branches: + - master + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@v3.3 + with: + version: v3.9.3 + + - name: Add repositories + run: | + for dir in $(ls -d charts/*/); do + helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done + done + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.4.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index ce589449..65ec99dd 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: csi-cloudscale description: A Container Storage Interface Driver for cloudscale.ch volumes. type: application -version: 0.1.0 +version: 0.1.1 appVersion: "3.2.0" home: https://github.com/cloudscale-ch/csi-cloudscale sources: @@ -11,3 +11,4 @@ dependencies: - name: common version: 1.17.1 repository: https://charts.bitnami.com/bitnami + From 8f6a572c577e1f8f2491240aef1511f288d2b988 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 15 Sep 2022 16:45:55 +0200 Subject: [PATCH 26/46] Remove debug Makefile target. --- Makefile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Makefile b/Makefile index 82fa87f1..dedc8445 100644 --- a/Makefile +++ b/Makefile @@ -94,6 +94,3 @@ vendor: clean: @echo "==> Cleaning releases" @GOOS=${OS} go clean -i -x ./... - -debug: - @echo ${VERSION:v%=%} From dc17efdb0b02c7fabbf604943efe1e96005499e2 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Mon, 19 Sep 2022 09:42:28 +0200 Subject: [PATCH 27/46] Update version number after merge. --- charts/csi-cloudscale/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index bcc38302..8f3ec296 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -74,7 +74,7 @@ controller: replicas: 1 image: repository: quay.io/cloudscalech/cloudscale-csi-plugin - tag: v3.2.0 + tag: v3.2.1 pullPolicy: IfNotPresent serviceAccountName: resources: {} @@ -88,7 +88,7 @@ controller: node: image: repository: quay.io/cloudscalech/cloudscale-csi-plugin - tag: v3.2.0 + tag: v3.2.1 pullPolicy: IfNotPresent max_csi_volumes_per_node: serviceAccountName: From ce6ce648d5c86515345f33937154058d8e6a00ab Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Mon, 19 Sep 2022 10:05:12 +0200 Subject: [PATCH 28/46] Fix appVersion. --- charts/csi-cloudscale/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index 65ec99dd..2d83101c 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -3,7 +3,7 @@ name: csi-cloudscale description: A Container Storage Interface Driver for cloudscale.ch volumes. type: application version: 0.1.1 -appVersion: "3.2.0" +appVersion: "3.2.1" home: https://github.com/cloudscale-ch/csi-cloudscale sources: - https://github.com/cloudscale-ch/csi-cloudscale.git From 52867a569c7548aabb2b0335fa917a215565247d Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Tue, 20 Sep 2022 15:51:37 +0200 Subject: [PATCH 29/46] Update README.md for Helm installations. --- README.md | 82 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 63 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index a706282d..afb95ee7 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,17 @@ The cloudscale.ch CSI plugin is mostly tested on Kubernetes. Theoretically it should also work on other Container Orchestrators, such as Mesos or Cloud Foundry. Feel free to test it on other COs and give us a feedback. +## TL;DR + +```shell +# Add a cloudscale.ch API token as secret, replace the placeholder string starting with `a05...` with your own secret +$ kubectl -n kube-system create secret generic cloudscale --from-literal=access-token=a05dd2f26b9b9ac2asdas__REPLACE_ME____123cb5d1ec17513e06da +# Add repository +$ helm repo add csi-cloudscale https://cloudscale-ch.github.io/csi-cloudscale +# Install Driver +$ helm install -n kube-system -g csi-cloudscale/csi-cloudscale +``` + ## Volume parameters This plugin supports the following volume parameters (in case of kubernetes: parameters on the @@ -118,29 +129,58 @@ cloudscale Opaque 1 18h #### 2. Deploy the CSI plugin and sidecars: -Before you continue, be sure to checkout to a [tagged -release](https://github.com/cloudscale-ch/csi-cloudscale/releases). -Always use the [latest stable version](https://github.com/cloudscale-ch/csi-cloudscale/releases/latest) -For example, to use the latest stable version (`v3.2.1`) you can execute the following command: +You can install the CSI plugin and sidecars using one of the following methods: + * Helm (requires a Helm installation) + * YAML Manifests (only kubectl required) + + +#### 2a. Using Helm: + +Before you can install the csi-cloudscale chart, you need to add the helm repository: ``` -$ kubectl apply -f https://raw.githubusercontent.com/cloudscale-ch/csi-cloudscale/master/deploy/kubernetes/releases/csi-cloudscale-v3.2.1.yaml +$ helm repo add csi-cloudscale https://cloudscale-ch.github.io/csi-cloudscale ``` -There are also `dev` images available: +Then install the latest stable version: + +``` +$ helm install -n kube-system -g csi-cloudscale/csi-cloudscale +``` + +Advanced users can customize the installation by specifying custom values. +The following table summarizes the most-frequently used parameters. +For a complete list please refer to [values.yaml](./charts/csi-cloudscale/values.yaml) + +| Parameter | Default | Description | +|---------------------------------|------------------------------|--------------------------------------------------------------------------------------------| +| cloudscale.apiUrl | `https://api.cloudscale.ch/` | URL of the cloudscale.ch API. You can almost certainly use the default | +| cloudscale.token.existingSecret | `cloudscale` | Name of the Kubernetes Secret which contains the cloudscale.ch API Token. | +| extraDeploy | `[]` | To deploy extra objects together with the driver. | +| nameOverride | `null` | Override the default `{{ .Release.Name }}-csi-cloudscale` name pattern with a custom name. | + +Note: if you want to test a debug/dev release, you can use the following command: ``` $ helm install -g -n kube-system --set controller.image.tag=dev --set node.image.tag=dev ./charts/csi-cloudscale ``` +#### 2b. Using YAML Manifests: + +Before you continue, be sure to checkout to a [tagged +release](https://github.com/cloudscale-ch/csi-cloudscale/releases). +Always use the [latest stable version](https://github.com/cloudscale-ch/csi-cloudscale/releases/latest) +For example, to use the latest stable version (`v3.2.1`) you can execute the following command: + +``` +$ kubectl apply -f https://raw.githubusercontent.com/cloudscale-ch/csi-cloudscale/master/deploy/kubernetes/releases/csi-cloudscale-v3.2.1.yaml +``` + The storage classes `cloudscale-volume-ssd` and `cloudscale-volume-bulk` will be created. The storage class `cloudscale-volume-ssd` is set to **"default"** for dynamic provisioning. If you're using multiple storage classes you might want to remove the annotation and re-deploy it. This is based on the [recommended mechanism](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/container-storage-interface.md#recommended-mechanism-for-deploying-csi-drivers-on-kubernetes) of deploying CSI drivers on Kubernetes -*Note that the deployment proposal to Kubernetes is still a work in progress and not all of the written -features are implemented. When in doubt, open an issue or ask #sig-storage in [Kubernetes Slack](http://slack.k8s.io)* - #### 3. Test and verify: Create a PersistentVolumeClaim. This makes sure a volume is created and provisioned on your behalf: @@ -213,15 +253,6 @@ $ kubectl exec -ti my-csi-app /bin/sh hello-world ``` -## Installing Using helm - -``` -helm install -n kube-system -g ./charts/csi-cloudscale - -helm template csi-cloudscale --dry-run -n kube-system --set nameOverride=csi-cloudscale charts/csi-cloudscale | kubectl-slice -f - -o deploy/kubernetes/releases/generated -kubectl-slice -f deploy/kubernetes/releases/csi-cloudscale-v6.0.0.yaml -o deploy/kubernetes/releases/v3 -``` - ## Upgrading ### From csi-cloudscale v1.x to v2.x @@ -280,12 +311,25 @@ Requirements: * Go: min `v1.10.x` * Helm -Build out the charts/ directory from the Chart.lock file: +Build out the `charts/` directory from the `Chart.lock` file: ``` $ helm dependency build charts/csi-cloudscale ``` +Install the chart from local soruces: + +``` +$ helm install -n kube-system -g ./charts/csi-cloudscale +``` + +Useful commands to compare the generated helm chart to the static YAML manifests: + +``` +$ helm template csi-cloudscale --dry-run -n kube-system --set nameOverride=csi-cloudscale charts/csi-cloudscale | kubectl-slice -f - -o deploy/kubernetes/releases/generated +$ kubectl-slice -f deploy/kubernetes/releases/csi-cloudscale-v6.0.0.yaml -o deploy/kubernetes/releases/v3 +``` + After making your changes, run the unit tests: ``` From 786dcaf95915b432c1a03d35c4aac6001d898f2b Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Tue, 20 Sep 2022 16:04:10 +0200 Subject: [PATCH 30/46] Fix typo. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afb95ee7..8878a41c 100644 --- a/README.md +++ b/README.md @@ -317,7 +317,7 @@ Build out the `charts/` directory from the `Chart.lock` file: $ helm dependency build charts/csi-cloudscale ``` -Install the chart from local soruces: +Install the chart from local sources: ``` $ helm install -n kube-system -g ./charts/csi-cloudscale From 9f3159482fca881b608585f7457332d3701fdb46 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Tue, 20 Sep 2022 16:07:02 +0200 Subject: [PATCH 31/46] Only take into account version key if it's at the beginning of the line. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index dedc8445..c737621b 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ LDFLAGS ?= -X github.com/cloudscale-ch/csi-cloudscale/driver.version=${VERSION} PKG ?= github.com/cloudscale-ch/csi-cloudscale/cmd/cloudscale-csi-plugin VERSION ?= $(shell cat VERSION) -CHART_VERSION ?= $(shell awk '/version:/ {print $$2}' charts/csi-cloudscale/Chart.yaml) +CHART_VERSION ?= $(shell awk '/^version:/ {print $$2}' charts/csi-cloudscale/Chart.yaml) DOCKER_REPO ?= quay.io/cloudscalech/cloudscale-csi-plugin all: check-unused test From ec17515fae41a804b8e8f59fb35f5dd38c048957 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Tue, 20 Sep 2022 17:16:31 +0200 Subject: [PATCH 32/46] Add resource values to README.md. --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 8878a41c..d6be1521 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,13 @@ For a complete list please refer to [values.yaml](./charts/csi-cloudscale/values | cloudscale.token.existingSecret | `cloudscale` | Name of the Kubernetes Secret which contains the cloudscale.ch API Token. | | extraDeploy | `[]` | To deploy extra objects together with the driver. | | nameOverride | `null` | Override the default `{{ .Release.Name }}-csi-cloudscale` name pattern with a custom name. | +| provisioner.resources | `{}` | Resource limits and requests for the provisioner side-car. | +| attacher.resources | `{}` | Resource limits and requests for the attacher side-car. | +| resizer.resources | `{}` | Resource limits and requests for the resizer side-car. | +| controller.resources | `{}` | Resource limits and requests for the controller container. | +| node.resources | `{}` | Resource limits and requests for the node container. | +| driverRegistrar.resources | `{}` | Resource limits and requests for the driverRegistrar side-car. | + Note: if you want to test a debug/dev release, you can use the following command: From 207a18923095a6569eb652aaeb7462be5d432eed Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Tue, 20 Sep 2022 18:08:40 +0200 Subject: [PATCH 33/46] Add serviceAccountName values and reorder table. --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d6be1521..a4f2baf8 100644 --- a/README.md +++ b/README.md @@ -154,16 +154,18 @@ For a complete list please refer to [values.yaml](./charts/csi-cloudscale/values | Parameter | Default | Description | |---------------------------------|------------------------------|--------------------------------------------------------------------------------------------| +| attacher.resources | `{}` | Resource limits and requests for the attacher side-car. | | cloudscale.apiUrl | `https://api.cloudscale.ch/` | URL of the cloudscale.ch API. You can almost certainly use the default | | cloudscale.token.existingSecret | `cloudscale` | Name of the Kubernetes Secret which contains the cloudscale.ch API Token. | +| controller.resources | `{}` | Resource limits and requests for the controller container. | +| controller.serviceAccountName | `null` | Override the controller service account name. | +| driverRegistrar.resources | `{}` | Resource limits and requests for the driverRegistrar side-car. | | extraDeploy | `[]` | To deploy extra objects together with the driver. | | nameOverride | `null` | Override the default `{{ .Release.Name }}-csi-cloudscale` name pattern with a custom name. | +| node.resources | `{}` | Resource limits and requests for the node container. | +| node.serviceAccountName | `null` | Override the controller node account name. | | provisioner.resources | `{}` | Resource limits and requests for the provisioner side-car. | -| attacher.resources | `{}` | Resource limits and requests for the attacher side-car. | | resizer.resources | `{}` | Resource limits and requests for the resizer side-car. | -| controller.resources | `{}` | Resource limits and requests for the controller container. | -| node.resources | `{}` | Resource limits and requests for the node container. | -| driverRegistrar.resources | `{}` | Resource limits and requests for the driverRegistrar side-car. | Note: if you want to test a debug/dev release, you can use the following command: From d04c56b94ea4b9e7ca684d3f7a83588e7be25d6f Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 21 Sep 2022 13:43:43 +0200 Subject: [PATCH 34/46] Introduce two separate values "registry" and "repository" for the images used. --- charts/csi-cloudscale/templates/daemonset.yaml | 4 ++-- .../csi-cloudscale/templates/statefulset.yaml | 8 ++++---- charts/csi-cloudscale/values.yaml | 18 ++++++++++++------ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index f7f835bc..810aa976 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -18,7 +18,7 @@ spec: hostNetwork: true containers: - name: csi-node-driver-registrar - image: {{ .Values.driverRegistrar.image.repository }}:{{ .Values.driverRegistrar.image.tag }} + image: "{{ .Values.driverRegistrar.image.registry }}/{{ .Values.driverRegistrar.image.repository }}:{{ .Values.driverRegistrar.image.tag }}" imagePullPolicy: {{ .Values.driverRegistrar.image.pullPolicy }} args: - "--v=5" @@ -47,7 +47,7 @@ spec: - name: registration-dir mountPath: /registration/ - name: csi-cloudscale-plugin - image: {{ .Values.node.image.repository }}:{{ .Values.node.image.tag }} + image: "{{ .Values.node.image.registry}}/{{ .Values.node.image.repository }}:{{ .Values.node.image.tag }}" imagePullPolicy: {{ .Values.node.image.pullPolicy }} args : - "--endpoint=$(CSI_ENDPOINT)" diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index d6e561f7..95aa714a 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -20,7 +20,7 @@ spec: serviceAccount: {{ include "csi-cloudscale.controller-service-account-name" . }} containers: - name: csi-provisioner - image: {{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }} + image: "{{ .Values.provisioner.image.registry }}/{{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }}" imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -37,7 +37,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-attacher - image: {{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }} + image: "{{ .Values.attacher.image.registry }}/{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}" imagePullPolicy: {{ .Values.attacher.image.pullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -53,7 +53,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-resizer - image: {{ .Values.resizer.image.repository }}:{{ .Values.resizer.image.tag }} + image: "{{ .Values.resizer.image.registry }}/{{ .Values.resizer.image.repository }}:{{ .Values.resizer.image.tag }}" args: - "--csi-address=$(ADDRESS)" - "--timeout=30s" @@ -71,7 +71,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-cloudscale-plugin - image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" args : - "--endpoint=$(CSI_ENDPOINT)" - "--url=$(CLOUDSCALE_API_URL)" diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 8f3ec296..fe3b8d40 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -33,7 +33,8 @@ csi: provisioner: name: csi.cloudscale.ch image: - repository: quay.io/k8scsi/csi-provisioner + registry: quay.io + repository: k8scsi/csi-provisioner tag: v2.0.4 pullPolicy: IfNotPresent resources: {} @@ -46,7 +47,8 @@ provisioner: attacher: image: - repository: quay.io/k8scsi/csi-attacher + registry: quay.io + repository: k8scsi/csi-attacher tag: v3.0.2 pullPolicy: IfNotPresent resources: {} @@ -59,7 +61,8 @@ attacher: resizer: image: - repository: quay.io/k8scsi/csi-resizer + registry: quay.io + repository: k8scsi/csi-resizer tag: v1.0.1 pullPolicy: IfNotPresent resources: {} @@ -73,7 +76,8 @@ resizer: controller: replicas: 1 image: - repository: quay.io/cloudscalech/cloudscale-csi-plugin + registry: quay.io + repository: cloudscalech/cloudscale-csi-plugin tag: v3.2.1 pullPolicy: IfNotPresent serviceAccountName: @@ -87,7 +91,8 @@ controller: node: image: - repository: quay.io/cloudscalech/cloudscale-csi-plugin + registry: quay.io + repository: cloudscalech/cloudscale-csi-plugin tag: v3.2.1 pullPolicy: IfNotPresent max_csi_volumes_per_node: @@ -102,7 +107,8 @@ node: driverRegistrar: image: - repository: quay.io/k8scsi/csi-node-driver-registrar + registry: quay.io + repository: k8scsi/csi-node-driver-registrar tag: v2.0.1 pullPolicy: IfNotPresent resources: {} From a35e77468ea6854b46db916895a3e05e6c10c5ed Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 21 Sep 2022 13:50:58 +0200 Subject: [PATCH 35/46] Add logLevelVerbosity value. --- charts/csi-cloudscale/templates/daemonset.yaml | 2 +- charts/csi-cloudscale/templates/statefulset.yaml | 6 +++--- charts/csi-cloudscale/values.yaml | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index 810aa976..ea407fab 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -21,7 +21,7 @@ spec: image: "{{ .Values.driverRegistrar.image.registry }}/{{ .Values.driverRegistrar.image.repository }}:{{ .Values.driverRegistrar.image.tag }}" imagePullPolicy: {{ .Values.driverRegistrar.image.pullPolicy }} args: - - "--v=5" + - "--v={{ .Values.driverRegistrar.logLevelVerbosity }}" - "--csi-address=$(ADDRESS)" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" lifecycle: diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 95aa714a..89ccf058 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -25,7 +25,7 @@ spec: args: - "--csi-address=$(ADDRESS)" - "--default-fstype=ext4" - - "--v=5" + - "--v={{ .Values.provisioner.logLevelVerbosity }}" {{- with .Values.provisioner.resources }} resources: {{ toYaml . | indent 12 }} @@ -41,7 +41,7 @@ spec: imagePullPolicy: {{ .Values.attacher.image.pullPolicy }} args: - "--csi-address=$(ADDRESS)" - - "--v=5" + - "--v={{ .Values.attacher.logLevelVerbosity }}" {{- with .Values.attacher.resources }} resources: {{ toYaml . | indent 12 }} @@ -57,7 +57,7 @@ spec: args: - "--csi-address=$(ADDRESS)" - "--timeout=30s" - - "--v=5" + - "--v={{ .Values.resizer.logLevelVerbosity }}" - "--handle-volume-inuse-error=false" {{- with .Values.resizer.resources }} resources: diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index fe3b8d40..be638ab1 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -37,6 +37,7 @@ provisioner: repository: k8scsi/csi-provisioner tag: v2.0.4 pullPolicy: IfNotPresent + logLevelVerbosity: 5 resources: {} # limits: # cpu: 100m @@ -51,6 +52,7 @@ attacher: repository: k8scsi/csi-attacher tag: v3.0.2 pullPolicy: IfNotPresent + logLevelVerbosity: "5" resources: {} # limits: # cpu: 100m @@ -65,6 +67,7 @@ resizer: repository: k8scsi/csi-resizer tag: v1.0.1 pullPolicy: IfNotPresent + logLevelVerbosity: "5" resources: {} # limits: # cpu: 100m @@ -111,6 +114,7 @@ driverRegistrar: repository: k8scsi/csi-node-driver-registrar tag: v2.0.1 pullPolicy: IfNotPresent + logLevelVerbosity: "5" resources: {} # limits: # cpu: 100m From ca443b0cc90c7e4ed3845c3d0ba6c5bf5afa0a54 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 21 Sep 2022 16:57:50 +0200 Subject: [PATCH 36/46] Add a default for max_csi_volumes_per_node. --- README.md | 4 +++- charts/csi-cloudscale/templates/daemonset.yaml | 2 +- charts/csi-cloudscale/values.yaml | 2 +- driver/driver_test.go | 2 +- driver/node.go | 4 ++-- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index a4f2baf8..28b6fd89 100644 --- a/README.md +++ b/README.md @@ -162,12 +162,12 @@ For a complete list please refer to [values.yaml](./charts/csi-cloudscale/values | driverRegistrar.resources | `{}` | Resource limits and requests for the driverRegistrar side-car. | | extraDeploy | `[]` | To deploy extra objects together with the driver. | | nameOverride | `null` | Override the default `{{ .Release.Name }}-csi-cloudscale` name pattern with a custom name. | +| node.max_csi_volumes_per_node | `125` | Override [max. Number of CSI Volumes per Node](#Max.-Number-of-CSI-Volumes-per-Node) | | node.resources | `{}` | Resource limits and requests for the node container. | | node.serviceAccountName | `null` | Override the controller node account name. | | provisioner.resources | `{}` | Resource limits and requests for the provisioner side-car. | | resizer.resources | `{}` | Resource limits and requests for the resizer side-car. | - Note: if you want to test a debug/dev release, you can use the following command: ``` @@ -309,6 +309,8 @@ env: value: '10' ``` +Or use the `node.max_csi_volumes_per_node` value of the [Helm chart](#2a-using-helm). + Note that there are currently the following hard-limits per Node: * 26 volumes (including root) for `virtio-blk` (`/dev/vdX`). * 128 volumes (including root) for `virtio-scsi` (`/dev/sdX`). diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index ea407fab..72f5ca46 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -62,7 +62,7 @@ spec: - name: CLOUDSCALE_API_URL value: {{ .Values.cloudscale.apiUrl }} - name: CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE - value: {{ .Values.node.max_csi_volumes_per_node }} + value: {{ .Values.node.max_csi_volumes_per_node | quote }} - name: CLOUDSCALE_ACCESS_TOKEN valueFrom: secretKeyRef: diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index be638ab1..5b61538b 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -98,7 +98,7 @@ node: repository: cloudscalech/cloudscale-csi-plugin tag: v3.2.1 pullPolicy: IfNotPresent - max_csi_volumes_per_node: + max_csi_volumes_per_node: 125 serviceAccountName: resources: {} # limits: diff --git a/driver/driver_test.go b/driver/driver_test.go index e9b8c05d..63300aa4 100644 --- a/driver/driver_test.go +++ b/driver/driver_test.go @@ -230,7 +230,7 @@ func (f FakeVolumeServiceOperations) Update(ctx context.Context, volumeID string } volumesCount := getVolumesPerServer(f, serverUUID) - if volumesCount >= defaultMaxVolumesPerNode { + if volumesCount >= fallbackMaxVolumesPerNode { return &cloudscale.ErrorResponse{ StatusCode: 400, Message: map[string]string{"detail": "Due to internal limitations, it is currently not possible to attach more than 128 volumes"}, diff --git a/driver/node.go b/driver/node.go index 9886cc86..5940cd4d 100644 --- a/driver/node.go +++ b/driver/node.go @@ -48,7 +48,7 @@ const ( // - 1 for root // - 1 for /var/lib/docker // - 1 additional volume outside of CSI - defaultMaxVolumesPerNode = 125 + fallbackMaxVolumesPerNode = 125 volumeModeBlock = "block" volumeModeFilesystem = "filesystem" @@ -330,7 +330,7 @@ func getEnvAsInt(key string, fallback int64) int64 { func (d *Driver) NodeGetInfo(ctx context.Context, req *csi.NodeGetInfoRequest) (*csi.NodeGetInfoResponse, error) { d.log.WithField("method", "node_get_info").Info("node get info called") - maxVolumesPerNode := getEnvAsInt("CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE", defaultMaxVolumesPerNode) + maxVolumesPerNode := getEnvAsInt("CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE", fallbackMaxVolumesPerNode) return &csi.NodeGetInfoResponse{ NodeId: d.serverId, From e4a7197f85805dd0f01265cd5e9752deae5ebbf3 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 21 Sep 2022 17:32:54 +0200 Subject: [PATCH 37/46] Allow tolerations to be injected for node daemonset. --- README.md | 1 + charts/csi-cloudscale/templates/daemonset.yaml | 4 ++++ charts/csi-cloudscale/values.yaml | 1 + 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 28b6fd89..1d159b85 100644 --- a/README.md +++ b/README.md @@ -165,6 +165,7 @@ For a complete list please refer to [values.yaml](./charts/csi-cloudscale/values | node.max_csi_volumes_per_node | `125` | Override [max. Number of CSI Volumes per Node](#Max.-Number-of-CSI-Volumes-per-Node) | | node.resources | `{}` | Resource limits and requests for the node container. | | node.serviceAccountName | `null` | Override the controller node account name. | +| node.tolerations | `[]` | Set tolerations on the node daemonSet. | | provisioner.resources | `{}` | Resource limits and requests for the provisioner side-car. | | resizer.resources | `{}` | Resource limits and requests for the resizer side-car. | diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index 72f5ca46..c16939b3 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -85,6 +85,10 @@ spec: mountPath: /dev - name: tmpfs mountPath: /tmp + {{- with .Values.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} volumes: - name: registration-dir hostPath: diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 5b61538b..99cb5a4b 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -99,6 +99,7 @@ node: tag: v3.2.1 pullPolicy: IfNotPresent max_csi_volumes_per_node: 125 + tolerations: [] serviceAccountName: resources: {} # limits: From 7cb40b563fe53c8ca43c3a97b220d805e9263583 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Wed, 21 Sep 2022 17:47:15 +0200 Subject: [PATCH 38/46] Update CHANGELOG.md. --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39667ef3..4ad0d0f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ## unreleased +* Package as Helm chart. +* Always set `CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE` in manifest. ## v3.2.1 - 2022.07.12 * Ensure that the device has the expected size in NodeExpandVolume to avoid a race-condition that appeared in testing. From 8ff2dcdb8ffc84909d618bf4d94e46fe48fe08cf Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 08:33:57 +0200 Subject: [PATCH 39/46] Uncomment part of playbook that should not have been commented out. --- deploy/integration_test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/integration_test.yml b/deploy/integration_test.yml index 96ca3ed0..eb46dade 100644 --- a/deploy/integration_test.yml +++ b/deploy/integration_test.yml @@ -58,9 +58,9 @@ yum: name: cryptsetup -#- name: Include the play that installs kubernetes -# tags: [install-kubernetes] -# import_playbook: kubespray/cluster.yml +- name: Include the play that installs kubernetes + tags: [install-kubernetes] + import_playbook: kubespray/cluster.yml - hosts: kube_control_plane vars: From 3af5fec3b6b3e2105a346cd9905f4a0afee23e1f Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 09:25:20 +0200 Subject: [PATCH 40/46] Move max_csi_volumes_per_node value to cloudscale instead of node. --- README.md | 34 +++++++++---------- .../csi-cloudscale/templates/daemonset.yaml | 2 +- charts/csi-cloudscale/values.yaml | 2 +- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 1d159b85..c8e95603 100644 --- a/README.md +++ b/README.md @@ -152,22 +152,22 @@ Advanced users can customize the installation by specifying custom values. The following table summarizes the most-frequently used parameters. For a complete list please refer to [values.yaml](./charts/csi-cloudscale/values.yaml) -| Parameter | Default | Description | -|---------------------------------|------------------------------|--------------------------------------------------------------------------------------------| -| attacher.resources | `{}` | Resource limits and requests for the attacher side-car. | -| cloudscale.apiUrl | `https://api.cloudscale.ch/` | URL of the cloudscale.ch API. You can almost certainly use the default | -| cloudscale.token.existingSecret | `cloudscale` | Name of the Kubernetes Secret which contains the cloudscale.ch API Token. | -| controller.resources | `{}` | Resource limits and requests for the controller container. | -| controller.serviceAccountName | `null` | Override the controller service account name. | -| driverRegistrar.resources | `{}` | Resource limits and requests for the driverRegistrar side-car. | -| extraDeploy | `[]` | To deploy extra objects together with the driver. | -| nameOverride | `null` | Override the default `{{ .Release.Name }}-csi-cloudscale` name pattern with a custom name. | -| node.max_csi_volumes_per_node | `125` | Override [max. Number of CSI Volumes per Node](#Max.-Number-of-CSI-Volumes-per-Node) | -| node.resources | `{}` | Resource limits and requests for the node container. | -| node.serviceAccountName | `null` | Override the controller node account name. | -| node.tolerations | `[]` | Set tolerations on the node daemonSet. | -| provisioner.resources | `{}` | Resource limits and requests for the provisioner side-car. | -| resizer.resources | `{}` | Resource limits and requests for the resizer side-car. | +| Parameter | Default | Description | +|-------------------------------------|------------------------------|--------------------------------------------------------------------------------------------| +| attacher.resources | `{}` | Resource limits and requests for the attacher side-car. | +| cloudscale.apiUrl | `https://api.cloudscale.ch/` | URL of the cloudscale.ch API. You can almost certainly use the default | +| cloudscale.max_csi_volumes_per_node | `125` | Override [max. Number of CSI Volumes per Node](#Max.-Number-of-CSI-Volumes-per-Node) | +| cloudscale.token.existingSecret | `cloudscale` | Name of the Kubernetes Secret which contains the cloudscale.ch API Token. | +| controller.resources | `{}` | Resource limits and requests for the controller container. | +| controller.serviceAccountName | `null` | Override the controller service account name. | +| driverRegistrar.resources | `{}` | Resource limits and requests for the driverRegistrar side-car. | +| extraDeploy | `[]` | To deploy extra objects together with the driver. | +| nameOverride | `null` | Override the default `{{ .Release.Name }}-csi-cloudscale` name pattern with a custom name. | +| node.resources | `{}` | Resource limits and requests for the node container. | +| node.serviceAccountName | `null` | Override the controller node account name. | +| node.tolerations | `[]` | Set tolerations on the node daemonSet. | +| provisioner.resources | `{}` | Resource limits and requests for the provisioner side-car. | +| resizer.resources | `{}` | Resource limits and requests for the resizer side-car. | Note: if you want to test a debug/dev release, you can use the following command: @@ -310,7 +310,7 @@ env: value: '10' ``` -Or use the `node.max_csi_volumes_per_node` value of the [Helm chart](#2a-using-helm). +Or use the `cloudscale.max_csi_volumes_per_node` value of the [Helm chart](#2a-using-helm). Note that there are currently the following hard-limits per Node: * 26 volumes (including root) for `virtio-blk` (`/dev/vdX`). diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index c16939b3..267f5fc0 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -62,7 +62,7 @@ spec: - name: CLOUDSCALE_API_URL value: {{ .Values.cloudscale.apiUrl }} - name: CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE - value: {{ .Values.node.max_csi_volumes_per_node | quote }} + value: {{ .Values.cloudscale.max_csi_volumes_per_node | quote }} - name: CLOUDSCALE_ACCESS_TOKEN valueFrom: secretKeyRef: diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 99cb5a4b..d687bbb3 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -2,6 +2,7 @@ cloudscale: apiUrl: https://api.cloudscale.ch/ token: existingSecret: cloudscale + max_csi_volumes_per_node: 125 nameOverride: @@ -98,7 +99,6 @@ node: repository: cloudscalech/cloudscale-csi-plugin tag: v3.2.1 pullPolicy: IfNotPresent - max_csi_volumes_per_node: 125 tolerations: [] serviceAccountName: resources: {} From 4401d71b9231a0426245817c5e43aba1115392aa Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 09:25:49 +0200 Subject: [PATCH 41/46] Add target to run helm template. --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index c737621b..75ae905c 100644 --- a/Makefile +++ b/Makefile @@ -94,3 +94,7 @@ vendor: clean: @echo "==> Cleaning releases" @GOOS=${OS} go clean -i -x ./... + +.PHONY: helm-template +helm-template: + @helm template csi-cloudscale -n kube-system --set nameOverride=csi-cloudscale ./charts/csi-cloudscale \ No newline at end of file From f50c9a39ea5b5245f92993ad8591c530abfe2461 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 09:33:29 +0200 Subject: [PATCH 42/46] Setup custom tag name for chart release. --- .github/workflows/release-chart.yml | 2 ++ cr.yaml | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 cr.yaml diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml index d9732256..5dac2d2e 100644 --- a/.github/workflows/release-chart.yml +++ b/.github/workflows/release-chart.yml @@ -32,5 +32,7 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.0 + with: + config: cr.yaml env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/cr.yaml b/cr.yaml new file mode 100644 index 00000000..65d8e669 --- /dev/null +++ b/cr.yaml @@ -0,0 +1,2 @@ +## chart-releaser config +release-name-template: "helm-{{ .Name }}-{{ .Version }}" \ No newline at end of file From fcc1661019f812802532d9298cd7821c19ff9721 Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 11:15:54 +0200 Subject: [PATCH 43/46] Allow overriding reclaimPolicy and volumeBindingMode. --- charts/csi-cloudscale/templates/storageclass.yaml | 2 ++ charts/csi-cloudscale/values.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/charts/csi-cloudscale/templates/storageclass.yaml b/charts/csi-cloudscale/templates/storageclass.yaml index aaa044d2..45f19ac1 100644 --- a/charts/csi-cloudscale/templates/storageclass.yaml +++ b/charts/csi-cloudscale/templates/storageclass.yaml @@ -12,6 +12,8 @@ metadata: {{- end }} provisioner: {{ $storageClass.provisioner | default $provisioner.name }} allowVolumeExpansion: {{ $storageClass.allowVolumeExpansion | default $csi.allowVolumeExpansion }} +reclaimPolicy: {{ $storageClass.reclaimPolicy | default $csi.reclaimPolicy }} +volumeBindingMode: {{ $storageClass.volumeBindingMode | default $csi.volumeBindingMode }} parameters: csi.cloudscale.ch/volume-type: {{ $storageClass.volumeType }} {{- if $storageClass.luks.enabled }} diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index d687bbb3..16c1cea9 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -8,6 +8,8 @@ nameOverride: csi: allowVolumeExpansion: true + reclaimPolicy: Delete + volumeBindingMode: Immediate storageClasses: - name: cloudscale-volume-ssd volumeType: ssd From 4634f6ea098541a85079ee9aef1a541165ae16ff Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 14:44:50 +0200 Subject: [PATCH 44/46] Add renderNamespace to include namespaces explicitly (required when generating YAML manifests). --- Makefile | 2 +- charts/csi-cloudscale/templates/_helpers.tpl | 8 ++++++++ charts/csi-cloudscale/templates/daemonset.yaml | 1 + charts/csi-cloudscale/templates/rbac.yaml | 1 + charts/csi-cloudscale/templates/serviceaccount.yaml | 2 ++ charts/csi-cloudscale/templates/statefulset.yaml | 1 + charts/csi-cloudscale/templates/storageclass.yaml | 1 + charts/csi-cloudscale/values.yaml | 2 ++ 8 files changed, 17 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 75ae905c..0eb381cb 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ bump-version: @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' README.md @sed -i'' -e 's/${VERSION}/${NEW_VERSION}/g' charts/csi-cloudscale/values.yaml @sed -i'' -e 's/${VERSION:v%=%}/${NEW_VERSION:v%=%}/g' charts/csi-cloudscale/Chart.yaml - @helm template csi-cloudscale -n kube-system --set nameOverride=csi-cloudscale ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml + @helm template csi-cloudscale -n kube-system --set nameOverride=csi-cloudscale --set renderNamespace=true ./charts/csi-cloudscale > deploy/kubernetes/releases/csi-cloudscale-${NEW_VERSION}.yaml $(eval NEW_DATE = $(shell date +%Y.%m.%d)) @sed -i'' -e 's/## unreleased/## ${NEW_VERSION} - ${NEW_DATE}/g' CHANGELOG.md @ echo '## unreleased\n' | cat - CHANGELOG.md > temp && mv temp CHANGELOG.md diff --git a/charts/csi-cloudscale/templates/_helpers.tpl b/charts/csi-cloudscale/templates/_helpers.tpl index 4aaeda27..b2fbfbf2 100644 --- a/charts/csi-cloudscale/templates/_helpers.tpl +++ b/charts/csi-cloudscale/templates/_helpers.tpl @@ -29,3 +29,11 @@ {{ include "csi-cloudscale.driver-name" . }}-node-sa {{- end -}} {{- end -}} + +{{/* When renderNamespace is true, include a Namespace definition. This is for emitting old-school YAMLs */}} +{{- define "csi-cloudscale.namespace-in-yaml-manifest" -}} +{{/* See: https://github.com/helm/helm/issues/5465#issuecomment-473942223 */}} +{{- if .Values.renderNamespace -}} +namespace: {{ .Release.Namespace }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/csi-cloudscale/templates/daemonset.yaml b/charts/csi-cloudscale/templates/daemonset.yaml index 267f5fc0..0879b267 100644 --- a/charts/csi-cloudscale/templates/daemonset.yaml +++ b/charts/csi-cloudscale/templates/daemonset.yaml @@ -3,6 +3,7 @@ kind: DaemonSet apiVersion: apps/v1 metadata: name: {{ include "csi-cloudscale.driver-name" . }}-node + {{ include "csi-cloudscale.namespace-in-yaml-manifest" . }} spec: selector: matchLabels: diff --git a/charts/csi-cloudscale/templates/rbac.yaml b/charts/csi-cloudscale/templates/rbac.yaml index 1c833f62..7013c80a 100644 --- a/charts/csi-cloudscale/templates/rbac.yaml +++ b/charts/csi-cloudscale/templates/rbac.yaml @@ -75,6 +75,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "csi-cloudscale.driver-name" . }}-node-driver-registrar-role + {{ include "csi-cloudscale.namespace-in-yaml-manifest" . }} rules: - apiGroups: [""] resources: ["events"] diff --git a/charts/csi-cloudscale/templates/serviceaccount.yaml b/charts/csi-cloudscale/templates/serviceaccount.yaml index cd0f24e5..12ab9ee5 100644 --- a/charts/csi-cloudscale/templates/serviceaccount.yaml +++ b/charts/csi-cloudscale/templates/serviceaccount.yaml @@ -3,8 +3,10 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "csi-cloudscale.controller-service-account-name" . }} + {{ include "csi-cloudscale.namespace-in-yaml-manifest" . }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "csi-cloudscale.node-service-account-name" . }} + {{ include "csi-cloudscale.namespace-in-yaml-manifest" . }} diff --git a/charts/csi-cloudscale/templates/statefulset.yaml b/charts/csi-cloudscale/templates/statefulset.yaml index 89ccf058..edd25662 100644 --- a/charts/csi-cloudscale/templates/statefulset.yaml +++ b/charts/csi-cloudscale/templates/statefulset.yaml @@ -3,6 +3,7 @@ kind: StatefulSet apiVersion: apps/v1 metadata: name: {{ include "csi-cloudscale.driver-name" . }}-controller + {{ include "csi-cloudscale.namespace-in-yaml-manifest" . }} spec: serviceName: "csi-cloudscale" selector: diff --git a/charts/csi-cloudscale/templates/storageclass.yaml b/charts/csi-cloudscale/templates/storageclass.yaml index 45f19ac1..15766a0c 100644 --- a/charts/csi-cloudscale/templates/storageclass.yaml +++ b/charts/csi-cloudscale/templates/storageclass.yaml @@ -6,6 +6,7 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: {{ $storageClass.name }} + {{ include "csi-cloudscale.namespace-in-yaml-manifest" $ }} {{- if $storageClass.default }} annotations: storageclass.kubernetes.io/is-default-class: "true" diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 16c1cea9..0d9cd56d 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -127,3 +127,5 @@ driverRegistrar: # memory: 128Mi extraDeploy: [] + +renderNamespace: false \ No newline at end of file From 21a60c5872d0e8036f9e2efb7889e7e9e7c4608d Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 16:07:50 +0200 Subject: [PATCH 45/46] Bumping versions: make NEW_VERSION=v3.3.0 bump-version make NEW_CHART_VERSION=v1.0.0 bump-chart-version --- CHANGELOG.md | 2 + README.md | 26 +- VERSION | 2 +- charts/csi-cloudscale/Chart.yaml | 4 +- charts/csi-cloudscale/values.yaml | 4 +- .../releases/csi-cloudscale-v3.3.0.yaml | 414 ++++++++++++++++++ 6 files changed, 434 insertions(+), 18 deletions(-) create mode 100644 deploy/kubernetes/releases/csi-cloudscale-v3.3.0.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ad0d0f6..50853a64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ## unreleased + +## v3.3.0 - 2022.09.22 * Package as Helm chart. * Always set `CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE` in manifest. diff --git a/README.md b/README.md index c8e95603..49c85614 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ secret `my-pvc-luks-key`. ## Releases The cloudscale.ch CSI plugin follows [semantic versioning](https://semver.org/). -The current version is: **`v3.2.1`**. +The current version is: **`v3.3.0`**. * Bug fixes will be released as a `PATCH` update. * New features (such as CSI spec bumps) will be released as a `MINOR` update. @@ -78,13 +78,13 @@ We recommend using the latest cloudscale.ch CSI driver compatible with your Kube |--------------------|----------------------------------|----------------------------------| | <= 1.16 | | v1.3.1 | | 1.17 | v1.3.1 | v3.0.0 | -| 1.18 | v1.3.1 | v3.2.1 | -| 1.19 | v1.3.1 | v3.2.1 | -| 1.20 | v2.0.0 | v3.2.1 | -| 1.21 | v2.0.0 | v3.2.1 | -| 1.22 | v3.1.0 | v3.2.1 | -| 1.23 | v3.1.0 | v3.2.1 | -| 1.24 | v3.1.0 | v3.2.1 | +| 1.18 | v1.3.1 | v3.3.0 | +| 1.19 | v1.3.1 | v3.3.0 | +| 1.20 | v2.0.0 | v3.3.0 | +| 1.21 | v2.0.0 | v3.3.0 | +| 1.22 | v3.1.0 | v3.3.0 | +| 1.23 | v3.1.0 | v3.3.0 | +| 1.24 | v3.1.0 | v3.3.0 | **Requirements:** @@ -180,10 +180,10 @@ $ helm install -g -n kube-system --set controller.image.tag=dev --set node.image Before you continue, be sure to checkout to a [tagged release](https://github.com/cloudscale-ch/csi-cloudscale/releases). Always use the [latest stable version](https://github.com/cloudscale-ch/csi-cloudscale/releases/latest) -For example, to use the latest stable version (`v3.2.1`) you can execute the following command: +For example, to use the latest stable version (`v3.3.0`) you can execute the following command: ``` -$ kubectl apply -f https://raw.githubusercontent.com/cloudscale-ch/csi-cloudscale/master/deploy/kubernetes/releases/csi-cloudscale-v3.2.1.yaml +$ kubectl apply -f https://raw.githubusercontent.com/cloudscale-ch/csi-cloudscale/master/deploy/kubernetes/releases/csi-cloudscale-v3.3.0.yaml ``` The storage classes `cloudscale-volume-ssd` and `cloudscale-volume-bulk` will be created. The @@ -389,15 +389,15 @@ $ git push origin After it's merged to master, [create a new Github release](https://github.com/cloudscale-ch/csi-cloudscale/releases/new) from -master with the version `v3.2.1` and then publish a new docker build: +master with the version `v3.3.0` and then publish a new docker build: ``` $ git checkout master $ make publish ``` -This will create a binary with version `v3.2.1` and docker image pushed to -`cloudscalech/cloudscale-csi-plugin:v3.2.1` +This will create a binary with version `v3.3.0` and docker image pushed to +`cloudscalech/cloudscale-csi-plugin:v3.3.0` ## Contributing diff --git a/VERSION b/VERSION index 040943e5..b299be97 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v3.2.1 +v3.3.0 diff --git a/charts/csi-cloudscale/Chart.yaml b/charts/csi-cloudscale/Chart.yaml index 2d83101c..220869f1 100644 --- a/charts/csi-cloudscale/Chart.yaml +++ b/charts/csi-cloudscale/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: csi-cloudscale description: A Container Storage Interface Driver for cloudscale.ch volumes. type: application -version: 0.1.1 -appVersion: "3.2.1" +version: 1.0.0 +appVersion: "3.3.0" home: https://github.com/cloudscale-ch/csi-cloudscale sources: - https://github.com/cloudscale-ch/csi-cloudscale.git diff --git a/charts/csi-cloudscale/values.yaml b/charts/csi-cloudscale/values.yaml index 0d9cd56d..827b1de9 100644 --- a/charts/csi-cloudscale/values.yaml +++ b/charts/csi-cloudscale/values.yaml @@ -84,7 +84,7 @@ controller: image: registry: quay.io repository: cloudscalech/cloudscale-csi-plugin - tag: v3.2.1 + tag: v3.3.0 pullPolicy: IfNotPresent serviceAccountName: resources: {} @@ -99,7 +99,7 @@ node: image: registry: quay.io repository: cloudscalech/cloudscale-csi-plugin - tag: v3.2.1 + tag: v3.3.0 pullPolicy: IfNotPresent tolerations: [] serviceAccountName: diff --git a/deploy/kubernetes/releases/csi-cloudscale-v3.3.0.yaml b/deploy/kubernetes/releases/csi-cloudscale-v3.3.0.yaml new file mode 100644 index 00000000..c571e113 --- /dev/null +++ b/deploy/kubernetes/releases/csi-cloudscale-v3.3.0.yaml @@ -0,0 +1,414 @@ +--- +# Source: csi-cloudscale/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-cloudscale-controller-sa + namespace: kube-system +--- +# Source: csi-cloudscale/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-cloudscale-node-sa + namespace: kube-system +--- +# Source: csi-cloudscale/templates/storageclass.yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: cloudscale-volume-ssd + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: csi.cloudscale.ch +allowVolumeExpansion: true +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + csi.cloudscale.ch/volume-type: ssd +--- +# Source: csi-cloudscale/templates/storageclass.yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: cloudscale-volume-ssd-luks + namespace: kube-system +provisioner: csi.cloudscale.ch +allowVolumeExpansion: true +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + csi.cloudscale.ch/volume-type: ssd + csi.cloudscale.ch/luks-encrypted: "true" + csi.cloudscale.ch/luks-cipher: "aes-xts-plain64" + csi.cloudscale.ch/luks-key-size: "512" + csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace} + csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key +--- +# Source: csi-cloudscale/templates/storageclass.yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: cloudscale-volume-bulk + namespace: kube-system +provisioner: csi.cloudscale.ch +allowVolumeExpansion: true +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + csi.cloudscale.ch/volume-type: bulk +--- +# Source: csi-cloudscale/templates/storageclass.yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: cloudscale-volume-bulk-luks + namespace: kube-system +provisioner: csi.cloudscale.ch +allowVolumeExpansion: true +reclaimPolicy: Delete +volumeBindingMode: Immediate +parameters: + csi.cloudscale.ch/volume-type: bulk + csi.cloudscale.ch/luks-encrypted: "true" + csi.cloudscale.ch/luks-cipher: "aes-xts-plain64" + csi.cloudscale.ch/luks-key-size: "512" + csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace} + csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "csinodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "nodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-resizer-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-node-driver-registrar-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-cloudscale-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-cloudscale-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-resizer-binding +subjects: + - kind: ServiceAccount + name: csi-cloudscale-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-cloudscale-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-cloudscale-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-cloudscale-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-cloudscale/templates/rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-cloudscale-node-driver-registrar-binding +subjects: + - kind: ServiceAccount + name: csi-cloudscale-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-cloudscale-node-driver-registrar-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-cloudscale/templates/daemonset.yaml +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-cloudscale-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-cloudscale-node + template: + metadata: + labels: + app: csi-cloudscale-node + role: csi-cloudscale + spec: + priorityClassName: system-node-critical + serviceAccount: csi-cloudscale-node-sa + hostNetwork: true + containers: + - name: csi-node-driver-registrar + image: "quay.io/k8scsi/csi-node-driver-registrar:v2.0.1" + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/csi.cloudscale.ch /registration/csi.cloudscale.ch-reg.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.cloudscale.ch/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-cloudscale-plugin + image: "quay.io/cloudscalech/cloudscale-csi-plugin:v3.3.0" + imagePullPolicy: IfNotPresent + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--url=$(CLOUDSCALE_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: CLOUDSCALE_API_URL + value: https://api.cloudscale.ch/ + - name: CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE + value: "125" + - name: CLOUDSCALE_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: cloudscale + key: access-token + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: tmpfs + mountPath: /tmp + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.cloudscale.ch + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + # to make sure temporary stored luks keys never touch a disk + - name: tmpfs + emptyDir: + medium: Memory +--- +# Source: csi-cloudscale/templates/statefulset.yaml +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-cloudscale-controller + namespace: kube-system +spec: + serviceName: "csi-cloudscale" + selector: + matchLabels: + app: csi-cloudscale-controller + replicas: 1 + template: + metadata: + labels: + app: csi-cloudscale-controller + role: csi-cloudscale + spec: + hostNetwork: true + priorityClassName: system-cluster-critical + serviceAccount: csi-cloudscale-controller-sa + containers: + - name: csi-provisioner + image: "quay.io/k8scsi/csi-provisioner:v2.0.4" + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--default-fstype=ext4" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: "quay.io/k8scsi/csi-attacher:v3.0.2" + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: "quay.io/k8scsi/csi-resizer:v1.0.1" + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=30s" + - "--v=5" + - "--handle-volume-inuse-error=false" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: IfNotPresent + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-cloudscale-plugin + image: "quay.io/cloudscalech/cloudscale-csi-plugin:v3.3.0" + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--url=$(CLOUDSCALE_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: CLOUDSCALE_API_URL + value: https://api.cloudscale.ch/ + - name: CLOUDSCALE_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: cloudscale + key: access-token + imagePullPolicy: IfNotPresent + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: csi-cloudscale/templates/csi_driver.yaml +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.cloudscale.ch +spec: + attachRequired: true + podInfoOnMount: true From aaacbe195b49acbd398c135ed6ad5fb8d22eb24e Mon Sep 17 00:00:00 2001 From: Alain Kaeslin Date: Thu, 22 Sep 2022 16:12:28 +0200 Subject: [PATCH 46/46] Append CHANGELOG.md. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50853a64..83d115ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## v3.3.0 - 2022.09.22 * Package as Helm chart. * Always set `CLOUDSCALE_MAX_CSI_VOLUMES_PER_NODE` in manifest. +* Explicitly set `reclaimPolicy` and `volumeBindingMode` for storage classes to Kubernetes default values. ## v3.2.1 - 2022.07.12 * Ensure that the device has the expected size in NodeExpandVolume to avoid a race-condition that appeared in testing.