From 0e969c0b723672a35061d0b22b428a4250b14783 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Fri, 10 Dec 2021 21:07:23 +0200
Subject: [PATCH] vSphere-CSI: update to 2.4.0 (#8295)

---
 inventory/sample/group_vars/all/vsphere.yml   |  20 +--
 .../csi_driver/vsphere/defaults/main.yml      |  16 +--
 .../csi_driver/vsphere/tasks/main.yml         |  12 +-
 .../vsphere-csi-controller-config.yml.j2      |  15 ++
 .../vsphere-csi-controller-deployment.yml.j2  |  73 ++++------
 .../vsphere-csi-controller-rbac.yml.j2        |  25 +++-
 .../vsphere-csi-controller-service.yml.j2     |  19 +++
 .../vsphere-csi-controller-ss.yml.j2          | 131 ------------------
 .../templates/vsphere-csi-driver.yml.j2       |   7 +
 ...c.yaml.j2 => vsphere-csi-node-rbac.yml.j2} |  25 ++++
 .../vsphere/templates/vsphere-csi-node.yml.j2 |  53 +++----
 11 files changed, 155 insertions(+), 241 deletions(-)
 create mode 100644 roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
 create mode 100644 roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2
 delete mode 100644 roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2
 create mode 100644 roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2
 rename roles/kubernetes-apps/csi_driver/vsphere/templates/{vsphere-csi-node-rbac.yaml.j2 => vsphere-csi-node-rbac.yml.j2} (50%)

diff --git a/inventory/sample/group_vars/all/vsphere.yml b/inventory/sample/group_vars/all/vsphere.yml
index 5b4e5f208..1c57ec645 100644
--- a/inventory/sample/group_vars/all/vsphere.yml
+++ b/inventory/sample/group_vars/all/vsphere.yml
@@ -14,18 +14,18 @@
 ## gcr.io/cloud-provider-vsphere/cpi/release/manager
 # external_vsphere_cloud_controller_image_tag: "latest"
 ## gcr.io/cloud-provider-vsphere/csi/release/syncer
-# vsphere_syncer_image_tag: "v2.2.1"
-## quay.io/k8scsi/csi-attacher
-# vsphere_csi_attacher_image_tag: "v3.1.0"
+# vsphere_syncer_image_tag: "v2.4.0"
+## k8s.gcr.io/sig-storage/csi-attacher
+# vsphere_csi_attacher_image_tag: "v3.3.0"
 ## gcr.io/cloud-provider-vsphere/csi/release/driver
-# vsphere_csi_controller: "v2.2.1"
-## quay.io/k8scsi/livenessprobe
-# vsphere_csi_liveness_probe_image_tag: "v2.2.0"
-## quay.io/k8scsi/csi-provisioner
-# vsphere_csi_provisioner_image_tag: "v2.1.0"
-## quay.io/k8scsi/csi-resizer
+# vsphere_csi_controller: "v2.4.0"
+## k8s.gcr.io/sig-storage/livenessprobe
+# vsphere_csi_liveness_probe_image_tag: "v2.4.0"
+## k8s.gcr.io/sig-storage/csi-provisioner
+# vsphere_csi_provisioner_image_tag: "v3.0.0"
+## k8s.gcr.io/sig-storage/csi-resizer
 ## makes sense only for vSphere version >=7.0
-# vsphere_csi_resizer_tag: "v1.1.0"
+# vsphere_csi_resizer_tag: "v1.3.0"
 
 ## To use vSphere CSI plugin to provision volumes set this value to true
 # vsphere_csi_enabled: true
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml
index 612ad4384..d708019c3 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml
@@ -4,14 +4,14 @@ external_vsphere_insecure: "true"
 external_vsphere_kubernetes_cluster_id: "kubernetes-cluster-id"
 external_vsphere_version: "6.7u3"
 
-vsphere_syncer_image_tag: "v1.0.2"
-vsphere_csi_attacher_image_tag: "v1.1.1"
-vsphere_csi_controller: "v1.0.2"
-vsphere_csi_liveness_probe_image_tag: "v1.1.0"
-vsphere_csi_provisioner_image_tag: "v1.2.2"
-vsphere_csi_node_driver_registrar_image_tag: "v1.1.0"
-vsphere_csi_driver_image_tag: "v1.0.2"
-vsphere_csi_resizer_tag: "v1.0.0"
+vsphere_syncer_image_tag: "v2.4.0"
+vsphere_csi_attacher_image_tag: "v3.3.0"
+vsphere_csi_controller: "v2.4.0"
+vsphere_csi_liveness_probe_image_tag: "v2.4.0"
+vsphere_csi_provisioner_image_tag: "v3.0.0"
+vsphere_csi_node_driver_registrar_image_tag: "v2.3.0"
+vsphere_csi_driver_image_tag: "v2.4.0"
+vsphere_csi_resizer_tag: "v1.3.0"
 
 vsphere_csi_controller_replicas: 1
 
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
index 2015b6326..58688ae4a 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
@@ -2,11 +2,6 @@
 - include_tasks: vsphere-credentials-check.yml
   tags: vsphere-csi-driver
 
-- name: vSphere CSI Driver | Choose how to deploy CSI driver based on controller version
-  set_fact:
-    controller_spec: "{% if vsphere_csi_controller is version('v2.0.0', '<') %}vsphere-csi-controller-ss.yml{% else %}vsphere-csi-controller-deployment.yml{% endif %}"
-  tags: vsphere-csi-driver
-
 - name: vSphere CSI Driver | Generate CSI cloud-config
   template:
     src: "{{ item }}.j2"
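Review bot: Dropping the version dispatch leaves no check that the still-overridable `vsphere_csi_controller` (the sample inventory hunk keeps documenting it as a tunable) is at least what the templates now assume; the deployment template removes its `version('v2.2.0', '>=')` gate around the csi-resizer flags and the node template removes the same gate around the registrar securityContext and the blocks-dir/sys-devices-dir mounts, so an inventory pinning an older tag would render flags such as `--use-gocsi=false` for an image that may not accept them. An assert at the top of this task list would fail early and clearly: `- name: vSphere CSI Driver | Assert supported controller version` / `  assert:` / `    that: vsphere_csi_controller is version('v2.4.0', '>=')`. The exact floor is not visible here and should be confirmed against the upstream release notes; the Generate CSI cloud-config task continues past the end of the hunk.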
@@ -22,9 +17,12 @@
     src: "{{ item }}.j2"
     dest: "{{ kube_config_dir }}/{{ item }}"
   with_items:
+    - vsphere-csi-driver.yml
     - vsphere-csi-controller-rbac.yml
-    - vsphere-csi-node-rbac.yaml
-    - "{{ controller_spec }}"
+    - vsphere-csi-node-rbac.yml
+    - vsphere-csi-controller-config.yml
+    - vsphere-csi-controller-deployment.yml
+    - vsphere-csi-controller-service.yml
     - vsphere-csi-node.yml
   register: vsphere_csi_manifests
   when: inventory_hostname == groups['kube_control_plane'][0]
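Review bot: Nothing in the task list removes the `vsphere-csi-controller` StatefulSet that the old `vsphere-csi-controller-ss.yml` path deployed, so on a cluster upgraded from the previous defaults (controller v1.0.2, below the old v2.0.0 switch) the StatefulSet keeps running next to the new Deployment, with both pod sets matching the Service selector `app: vsphere-csi-controller`. A cleanup task before the apply, e.g. `- name: vSphere CSI Driver | Remove legacy controller StatefulSet` running `kubectl delete statefulset vsphere-csi-controller -n kube-system --ignore-not-found` on the first control-plane node, would make the upgrade converge; whether the role already has a generic manifest-removal helper is not visible here. The rename of `vsphere-csi-node-rbac.yaml` to `.yml` likewise leaves the previously rendered `.yaml` file in `kube_config_dir`, harmless but worth the same cleanup. The enclosing template task starts outside the hunk.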
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
new file mode 100644
index 000000000..abf784100
--- /dev/null
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  "csi-migration": "false"
+  "csi-auth-check": "true"
+  "online-volume-extend": "true"
+  "trigger-csi-fullsync": "false"
+  "async-query-volume": "true"
+  "improved-csi-idempotency": "true"
+  "improved-volume-topology": "true"
+  "block-volume-snapshot": "false"
+  "csi-windows-support": "false"
+kind: ConfigMap
+metadata:
+  name: internal-feature-states.csi.vsphere.vmware.com
+  namespace: kube-system
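Review bot: The feature-state switches are hard-coded in a `.j2` template that carries no Jinja, and the comment the old inline ConfigMap had on `csi-migration` (`# csi-migration feature is only available for vSphere 7.0U1`) was dropped in the move, so a reader no longer sees why it is `"false"`. Restore that comment above the key, and consider a short header comment noting that some of these flags correspond to the controller RBAC rules gated on `external_vsphere_version >= "7.0u1"` (`trigger-csi-fullsync` and `improved-volume-topology` look like candidates), if that relationship is confirmed upstream. If operators are expected to flip `block-volume-snapshot` or `csi-windows-support`, those belong in the role defaults rather than in edits to this template.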
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
index 3e3b276b9..d6e8f6003 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
@@ -5,6 +5,11 @@ metadata:
   namespace: kube-system
 spec:
   replicas: {{ vsphere_csi_controller_replicas }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 0
   selector:
     matchLabels:
       app: vsphere-csi-controller
@@ -14,6 +19,16 @@ spec:
         app: vsphere-csi-controller
         role: vsphere-csi
     spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: "app"
+                    operator: In
+                    values:
+                      - vsphere-csi-controller
+              topologyKey: "kubernetes.io/hostname"
       serviceAccountName: vsphere-csi-controller
       nodeSelector:
         node-role.kubernetes.io/control-plane: ""
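Review bot: The required `podAntiAffinity` on `kubernetes.io/hostname`, combined with the existing `node-role.kubernetes.io/control-plane` nodeSelector, caps the schedulable replicas at the number of control-plane nodes, and with `maxSurge: 0` from the first hunk a rollout on a cluster that has exactly `vsphere_csi_controller_replicas` control-plane nodes can only proceed one pod at a time. Nothing fails loudly when replicas exceed that count; the surplus pods simply stay Pending. A comment on `vsphere_csi_controller_replicas` in the role defaults, e.g. `# must not exceed the number of control-plane nodes: controller pods are pinned there with a required per-host anti-affinity`, would make the limit visible. The pod spec continues outside the hunk.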
@@ -39,12 +54,14 @@ spec:
       dnsPolicy: "Default"
       containers:
         - name: csi-attacher
-          image: {{ quay_image_repo }}/k8scsi/csi-attacher:{{ vsphere_csi_attacher_image_tag }}
+          image: {{ kube_image_repo }}/sig-storage/csi-attacher:{{ vsphere_csi_attacher_image_tag }}
           args:
             - "--v=4"
             - "--timeout=300s"
             - "--csi-address=$(ADDRESS)"
             - "--leader-election"
+            - "--kube-api-qps=100"
+            - "--kube-api-burst=100"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -53,17 +70,15 @@ spec:
               name: socket-dir
 {% if external_vsphere_version >= "7.0" %}
         - name: csi-resizer
-          image: {{ quay_image_repo }}/k8scsi/csi-resizer:{{ vsphere_csi_resizer_tag }}
+          image: {{ kube_image_repo }}/sig-storage/csi-resizer:{{ vsphere_csi_resizer_tag }}
           args:
             - "--v=4"
             - "--timeout=300s"
             - "--csi-address=$(ADDRESS)"
             - "--leader-election"
-{% if vsphere_csi_controller is version('v2.2.0', '>=') %}
             - "--handle-volume-inuse-error=false"
             - "--kube-api-qps=100"
             - "--kube-api-burst=100"
-{% endif %}
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -77,6 +92,7 @@ spec:
           args:
             - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
             - "--fss-namespace=$(CSI_NAMESPACE)"
+            - "--use-gocsi=false"
 {% endif %}
           imagePullPolicy: {{ k8s_image_pull_policy }}
           env:
@@ -84,6 +100,10 @@ spec:
               value: unix://{{ csi_endpoint }}/csi.sock
             - name: X_CSI_MODE
               value: "controller"
+            - name: X_CSI_SPEC_DISABLE_LEN_CHECK
+              value: "true"
+            - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
+              value: 3m
             - name: VSPHERE_CSI_CONFIG
               value: "/etc/cloud/csi-vsphere.conf"
             - name: LOGGER_LEVEL
@@ -98,8 +118,6 @@ spec:
                 fieldRef:
                   fieldPath: metadata.namespace
 {% endif %}
-            - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
-              value: 3m
           volumeMounts:
             - mountPath: /etc/cloud
               name: vsphere-config-volume
@@ -122,7 +140,7 @@ spec:
             periodSeconds: 5
             failureThreshold: 3
         - name: liveness-probe
-          image: {{ quay_image_repo }}/k8scsi/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }}
+          image: {{ kube_image_repo }}/sig-storage/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }}
           args:
             - "--v=4"
             - "--csi-address=$(ADDRESS)"
@@ -167,7 +185,7 @@ spec:
               name: vsphere-config-volume
               readOnly: true
         - name: csi-provisioner
-          image: {{ quay_image_repo }}/k8scsi/csi-provisioner:{{ vsphere_csi_provisioner_image_tag }}
+          image: {{ kube_image_repo }}/sig-storage/csi-provisioner:{{ vsphere_csi_provisioner_image_tag }}
           args:
             - "--v=4"
             - "--timeout=300s"
@@ -193,42 +211,3 @@ spec:
           secretName: vsphere-config-secret
       - name: socket-dir
         emptyDir: {}
----
-apiVersion: v1
-data:
-  "csi-migration": "false" # csi-migration feature is only available for vSphere 7.0U1
-  "csi-auth-check": "true"
-  "online-volume-extend": "true"
-kind: ConfigMap
-metadata:
-  name: internal-feature-states.csi.vsphere.vmware.com
-  namespace: kube-system
----
-apiVersion: storage.k8s.io/v1 # For k8s 1.17 or lower use storage.k8s.io/v1beta1
-kind: CSIDriver
-metadata:
-  name: csi.vsphere.vmware.com
-spec:
-  attachRequired: true
-  podInfoOnMount: false
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: vsphere-csi-controller
-  namespace: kube-system
-  labels:
-    app: vsphere-csi-controller
-spec:
-  ports:
-    - name: ctlr
-      port: 2112
-      targetPort: 2112
-      protocol: TCP
-    - name: syncer
-      port: 2113
-      targetPort: 2113
-      protocol: TCP
-  selector:
-    app: vsphere-csi-controller
-
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
index d0abaf56b..ad5569185 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
@@ -39,18 +39,37 @@ rules:
     resources: ["volumeattachments"]
     verbs: ["get", "list", "watch", "patch"]
 {% if external_vsphere_version >= "7.0u1" %}
+  - apiGroups: ["cns.vmware.com"]
+    resources: ["triggercsifullsyncs"]
+    verbs: ["create", "get", "update", "watch", "list"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsvspherevolumemigrations"]
     verbs: ["create", "get", "list", "watch", "update", "delete"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "create"]
+    verbs: ["get", "create", "update"]
+  - apiGroups: ["cns.vmware.com"]
+    resources: ["cnsvolumeoperationrequests"]
+    verbs: ["create", "get", "list", "update", "delete"]
+  - apiGroups: [ "cns.vmware.com" ]
+    resources: [ "csinodetopologies" ]
+    verbs: ["get", "update", "watch", "list"]
 {% endif %}
-{% if vsphere_csi_controller is version('v2.0.0', '>=') %}
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments/status"]
     verbs: ["patch"]
-{% endif %}
+  - apiGroups: [ "snapshot.storage.k8s.io" ]
+    resources: [ "volumesnapshots" ]
+    verbs: [ "get", "list" ]
+  - apiGroups: [ "snapshot.storage.k8s.io" ]
+    resources: [ "volumesnapshotclasses" ]
+    verbs: [ "watch", "get", "list" ]
+  - apiGroups: [ "snapshot.storage.k8s.io" ]
+    resources: [ "volumesnapshotcontents" ]
+    verbs: [ "create", "get", "list", "watch", "update", "delete" ]
+  - apiGroups: [ "snapshot.storage.k8s.io" ]
+    resources: [ "volumesnapshotcontents/status" ]
+    verbs: [ "update", "patch" ]
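Review bot: The four `snapshot.storage.k8s.io` rules are granted unconditionally even though the new ConfigMap sets `block-volume-snapshot` to `"false"`, so the controller ServiceAccount receives create/update/delete on `volumesnapshotcontents` for a feature that is switched off; gating them on the same condition as that feature state (or at least on `external_vsphere_version >= "7.0u1"`) would keep the grant to what is actually used. Relatedly, `csinodetopologies` is gated on 7.0u1 here while the node ClusterRole added in the vsphere-csi-node-rbac hunk grants create/watch on it unconditionally; the two files should agree on when that CRD is expected to exist. The new flow sequences also mix `[ "x" ]` and `["x"]` spacing, whereas every pre-existing rule in this file uses the compact `["x"]` form. The enclosing ClusterRole's `rules:` list starts outside the hunk.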
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2
new file mode 100644
index 000000000..ccded9b72
--- /dev/null
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vsphere-csi-controller
+  namespace: kube-system
+  labels:
+    app: vsphere-csi-controller
+spec:
+  ports:
+    - name: ctlr
+      port: 2112
+      targetPort: 2112
+      protocol: TCP
+    - name: syncer
+      port: 2113
+      targetPort: 2113
+      protocol: TCP
+  selector:
+    app: vsphere-csi-controller
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2
deleted file mode 100644
index 4a8a4b178..000000000
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2
+++ /dev/null
@@ -1,131 +0,0 @@
-kind: StatefulSet
-apiVersion: apps/v1
-metadata:
-  name: vsphere-csi-controller
-  namespace: kube-system
-spec:
-  serviceName: vsphere-csi-controller
-  replicas: {{ vsphere_csi_controller_replicas }}
-  updateStrategy:
-    type: "RollingUpdate"
-  selector:
-    matchLabels:
-      app: vsphere-csi-controller
-  template:
-    metadata:
-      labels:
-        app: vsphere-csi-controller
-        role: vsphere-csi
-    spec:
-      serviceAccountName: vsphere-csi-controller
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
-      tolerations:
-        - operator: "Exists"
-          key: node-role.kubernetes.io/master
-          effect: NoSchedule
-        - operator: "Exists"
-          key: node-role.kubernetes.io/control-plane
-          effect: NoSchedule
-      dnsPolicy: "Default"
-      containers:
-        - name: csi-attacher
-          image: {{ quay_image_repo }}/k8scsi/csi-attacher:{{ vsphere_csi_attacher_image_tag }}
-          args:
-            - "--v=4"
-            - "--timeout=300s"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: /csi/csi.sock
-          volumeMounts:
-            - mountPath: /csi
-              name: socket-dir
-        - name: vsphere-csi-controller
-          image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_controller }}
-          imagePullPolicy: {{ k8s_image_pull_policy }}
-          lifecycle:
-            preStop:
-              exec:
-                command: ["/bin/sh", "-c", "rm -rf /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com"]
-          args:
-            - "--v=4"
-          env:
-            - name: CSI_ENDPOINT
-              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
-            - name: X_CSI_MODE
-              value: "controller"
-            - name: VSPHERE_CSI_CONFIG
-              value: "/etc/cloud/csi-vsphere.conf"
-          volumeMounts:
-            - mountPath: /etc/cloud
-              name: vsphere-config-volume
-              readOnly: true
-            - mountPath: /var/lib/csi/sockets/pluginproxy/
-              name: socket-dir
-          ports:
-            - name: healthz
-              containerPort: 9808
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: healthz
-            initialDelaySeconds: 10
-            timeoutSeconds: 3
-            periodSeconds: 5
-            failureThreshold: 3
-        - name: liveness-probe
-          image: {{ quay_image_repo }}/k8scsi/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }}
-          args:
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: /var/lib/csi/sockets/pluginproxy/csi.sock
-          volumeMounts:
-            - mountPath: /var/lib/csi/sockets/pluginproxy/
-              name: socket-dir
-        - name: vsphere-syncer
-          image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/syncer:{{ vsphere_syncer_image_tag }}
-          imagePullPolicy: {{ k8s_image_pull_policy }}
-          args:
-            - "--v=2"
-          env:
-            - name: FULL_SYNC_INTERVAL_MINUTES
-              value: "30"
-            - name: VSPHERE_CSI_CONFIG
-              value: "/etc/cloud/csi-vsphere.conf"
-          volumeMounts:
-            - mountPath: /etc/cloud
-              name: vsphere-config-volume
-              readOnly: true
-        - name: csi-provisioner
-          image: {{ quay_image_repo }}/k8scsi/csi-provisioner:{{ vsphere_csi_provisioner_image_tag }}
-          args:
-            - "--v=4"
-            - "--timeout=300s"
-            - "--csi-address=$(ADDRESS)"
-            - "--feature-gates=Topology=true"
-            - "--strict-topology"
-          env:
-            - name: ADDRESS
-              value: /csi/csi.sock
-          volumeMounts:
-            - mountPath: /csi
-              name: socket-dir
-      volumes:
-        - name: vsphere-config-volume
-          secret:
-            secretName: vsphere-config-secret
-        - name: socket-dir
-          hostPath:
-            path: /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com
-            type: DirectoryOrCreate
----
-apiVersion: storage.k8s.io/v1
-kind: CSIDriver
-metadata:
-  name: csi.vsphere.vmware.com
-spec:
-  attachRequired: true
-  podInfoOnMount: false
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2
new file mode 100644
index 000000000..ad3260e52
--- /dev/null
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2
@@ -0,0 +1,7 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: csi.vsphere.vmware.com
+spec:
+  attachRequired: true
+  podInfoOnMount: false
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yaml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2
similarity index 50%
rename from roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yaml.j2
rename to roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2
index 34aa1ed6f..98e06529a 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yaml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2
@@ -5,6 +5,31 @@ metadata:
   name: vsphere-csi-node
   namespace: kube-system
 ---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: vsphere-csi-node-cluster-role
+rules:
+  - apiGroups: ["cns.vmware.com"]
+    resources: ["csinodetopologies"]
+    verbs: ["create", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: vsphere-csi-node-cluster-role-binding
+subjects:
+  - kind: ServiceAccount
+    name: vsphere-csi-node
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: vsphere-csi-node-cluster-role
+  apiGroup: rbac.authorization.k8s.io
+---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
index 9c61a0907..3fae91e3d 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
@@ -17,10 +17,14 @@ spec:
         app: vsphere-csi-node
         role: vsphere-csi
     spec:
-      dnsPolicy: "Default"
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: vsphere-csi-node
+      hostNetwork: true
+      dnsPolicy: "ClusterFirstWithHostNet"
       containers:
       - name: node-driver-registrar
-        image: {{ quay_image_repo }}/k8scsi/csi-node-driver-registrar:{{ vsphere_csi_node_driver_registrar_image_tag }}
+        image: {{ kube_image_repo }}/sig-storage/csi-node-driver-registrar:{{ vsphere_csi_node_driver_registrar_image_tag }}
 {% if external_vsphere_version < "7.0u1" %}
         lifecycle:
           preStop:
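Review bot: `hostNetwork: true` is introduced without a comment saying why the node plugin needs the host network namespace, and it changes the pod's exposure: the driver container's `containerPort: 9808` healthz endpoint (context later in this file) now listens on the node's own interfaces rather than on a pod IP, and any other host-network listener on 9808 would collide. If the requirement comes from the upstream 2.4.0 manifest, record it inline: `hostNetwork: true  # required by the upstream vsphere-csi-node manifest; <reason to be confirmed>`. The `dnsPolicy` switch to `ClusterFirstWithHostNet` is the correct companion to host networking. The pod template continues outside the hunk.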
@@ -31,34 +35,23 @@ spec:
         - "--v=5"
         - "--csi-address=$(ADDRESS)"
         - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
-{% if external_vsphere_version >= "7.0u1" %}
-        - "--health-port=9809"
-{% endif %}
         env:
         - name: ADDRESS
           value: /csi/csi.sock
         - name: DRIVER_REG_SOCK_PATH
           value: /var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock
-{% if vsphere_csi_controller is version('v2.2.0', '<') %}
-        securityContext:
-          privileged: true
-{% endif %}
         volumeMounts:
         - name: plugin-dir
           mountPath: /csi
         - name: registration-dir
           mountPath: /registration
-{% if external_vsphere_version >= "7.0u1" %}
-        ports:
-        - containerPort: 9809
-          name: healthz
         livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-{% endif %}
+          exec:
+            command:
+            - /csi-node-driver-registrar
+            - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock
+            - --mode=kubelet-registration-probe
+          initialDelaySeconds: 3
       - name: vsphere-csi-node
         image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_driver_image_tag }}
         imagePullPolicy: {{ k8s_image_pull_policy }}
@@ -66,6 +59,7 @@ spec:
         args:
           - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
           - "--fss-namespace=$(CSI_NAMESPACE)"
+          - "--use-gocsi=false"
 {% endif %}
         imagePullPolicy: "Always"
         env:
@@ -75,13 +69,12 @@ spec:
               fieldPath: spec.nodeName
         - name: CSI_ENDPOINT
           value: unix:///csi/csi.sock
+        - name: MAX_VOLUMES_PER_NODE
+          value: "59" # Maximum number of volumes that controller can publish to the node. If value is not set or zero Kubernetes decide how many volumes can be published by the controller to the node.
         - name: X_CSI_MODE
           value: "node"
         - name: X_CSI_SPEC_REQ_VALIDATION
           value: "false"
-        # needed only for topology aware setups
-        #- name: VSPHERE_CSI_CONFIG
-        #  value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag
         - name: X_CSI_DEBUG
           value: "true"
         - name: LOGGER_LEVEL
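Review bot: `MAX_VOLUMES_PER_NODE` is hard-coded to `"59"` with a 150-character trailing comment, whereas every other tunable in this role is a default variable; promote it to a role default (a name in the style of the existing `vsphere_csi_*` variables, to be chosen by the maintainers) and render it as `value: "{{ <that variable> }}"`, keeping the quotes so the Jinja expansion stays a string. Move the explanation onto its own comment line above the entry, since the inline text itself states that unset or zero defers the limit to Kubernetes, which is exactly the behaviour an operator may want to select. The env list continues before and after the hunk.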
@@ -92,16 +85,14 @@ spec:
             fieldRef:
               fieldPath: metadata.namespace
 {% endif %}
+        - name: NODEGETINFO_WATCH_TIMEOUT_MINUTES
+          value: "1"
         securityContext:
           privileged: true
           capabilities:
             add: ["SYS_ADMIN"]
           allowPrivilegeEscalation: true
         volumeMounts:
-        # needed only for topology aware setups
-        #- name: vsphere-config-volume
-        #  mountPath: /etc/cloud
-        #  readOnly: true
         - name: plugin-dir
           mountPath: /csi
         - name: pods-mount-dir
@@ -111,12 +102,10 @@ spec:
           mountPropagation: "Bidirectional"
         - name: device-dir
           mountPath: /dev
-{% if vsphere_csi_controller is version('v2.2.0', '>=') %}
         - name: blocks-dir
           mountPath: /sys/block
         - name: sys-devices-dir
           mountPath: /sys/devices
-{% endif %}
         ports:
           - containerPort: 9808
             name: healthz
@@ -129,7 +118,7 @@ spec:
           periodSeconds: 5
           failureThreshold: 3
       - name: liveness-probe
-        image: {{ quay_image_repo }}/k8scsi/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }}
+        image: {{ kube_image_repo }}/sig-storage/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }}
         args:
 {% if external_vsphere_version >= "7.0u1" %}
           - "--v=4"
@@ -139,10 +128,6 @@ spec:
         - name: plugin-dir
           mountPath: /csi
       volumes:
-      # needed only for topology aware setups
-      #- name: vsphere-config-volume
-      #  secret:
-      #    secretName: vsphere-config-secret
       - name: registration-dir
         hostPath:
           path: /var/lib/kubelet/plugins_registry
@@ -158,7 +143,6 @@ spec:
       - name: device-dir
         hostPath:
           path: /dev
-{% if vsphere_csi_controller is version('v2.2.0', '>=') %}
       - name: blocks-dir
         hostPath:
           path: /sys/block
@@ -167,7 +151,6 @@ spec:
         hostPath:
           path: /sys/devices
           type: Directory
-{% endif %}
       tolerations:
         - effect: NoExecute
           operator: Exists
-- 
GitLab