From 1a07c87af72766017f8a50441b7493e91a677b27 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison <hswong3i@gmail.com>
Date: Fri, 17 Aug 2018 11:12:01 +0800
Subject: [PATCH] cephfs-provisioner: Upgrade to v2.0.0-k8s1.11

Upstream Changes:

-   cephfs-provisioner v2.0.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.0.0-k8s1.11)
-   Update ClusterRole

Our Changes:

-   Fix typo in defaults/main.yml (rs -> deploy)
-   Manifests cleanup
---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 .../cephfs_provisioner/tasks/main.yml         |  2 +-
 .../clusterrole-cephfs-provisioner.yml.j2     |  5 ++++-
 ...usterrolebinding-cephfs-provisioner.yml.j2 |  1 -
 .../deploy-cephfs-provisioner.yml.j2          | 20 +++++++++----------
 6 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index aad80b7df..2c29c7ae2 100644
--- a/README.md
+++ b/README.md
@@ -102,7 +102,7 @@ Supported Components
     -   [flanneld](https://github.com/coreos/flannel) v0.10.0
     -   [weave](https://github.com/weaveworks/weave) v2.4.0
 -   Application
-    -   [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v1.1.0-k8s1.10
+    -   [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.0.0-k8s1.11
     -   [cert-manager](https://github.com/jetstack/cert-manager) v0.4.1
     -   [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.18.0
 
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 32dc6802a..2d21cf92c 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -136,7 +136,7 @@ registry_proxy_image_tag: "0.4"
 local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
 local_volume_provisioner_image_tag: "v2.1.0"
 cephfs_provisioner_image_repo: "quay.io/external_storage/cephfs-provisioner"
-cephfs_provisioner_image_tag: "v1.1.0-k8s1.10"
+cephfs_provisioner_image_tag: "v2.0.0-k8s1.11"
 ingress_nginx_controller_image_repo: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller"
 ingress_nginx_controller_image_tag: "0.18.0"
 ingress_nginx_default_backend_image_repo: "gcr.io/google_containers/defaultbackend"
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
index f526e95cd..7b78080c3 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
@@ -49,7 +49,7 @@
     - { name: clusterrolebinding-cephfs-provisioner, file: clusterrolebinding-cephfs-provisioner.yml, type: clusterrolebinding }
     - { name: role-cephfs-provisioner, file: role-cephfs-provisioner.yml, type: role }
     - { name: rolebinding-cephfs-provisioner, file: rolebinding-cephfs-provisioner.yml, type: rolebinding }
-    - { name: deploy-cephfs-provisioner, file: deploy-cephfs-provisioner.yml, type: rs }
+    - { name: deploy-cephfs-provisioner, file: deploy-cephfs-provisioner.yml, type: deploy }
     - { name: sc-cephfs-provisioner, file: sc-cephfs-provisioner.yml, type: sc }
   register: cephfs_provisioner_manifests
   when: inventory_hostname == groups['kube-master'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2
index e714c3cb2..398956b68 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrole-cephfs-provisioner.yml.j2
@@ -16,7 +16,10 @@ rules:
     verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
-    verbs: ["list", "watch", "create", "update", "patch"]
+    verbs: ["create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get", "create", "delete"]
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrolebinding-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrolebinding-cephfs-provisioner.yml.j2
index 83325f1f8..cc5d5ff5b 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrolebinding-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/clusterrolebinding-cephfs-provisioner.yml.j2
@@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: cephfs-provisioner
-  namespace: {{ cephfs_provisioner_namespace }}
 subjects:
   - kind: ServiceAccount
     name: cephfs-provisioner
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
index b39faab14..17c8c3d36 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2
@@ -2,23 +2,26 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: cephfs-provisioner-v{{ cephfs_provisioner_image_tag }}
+  name: cephfs-provisioner-{{ cephfs_provisioner_image_tag }}
   namespace: {{ cephfs_provisioner_namespace }}
   labels:
-    k8s-app: cephfs-provisioner
-    version: v{{ cephfs_provisioner_image_tag }}
+    app: cephfs-provisioner
+    version: {{ cephfs_provisioner_image_tag }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      k8s-app: cephfs-provisioner
-      version: v{{ cephfs_provisioner_image_tag }}
+      app: cephfs-provisioner
+      version: {{ cephfs_provisioner_image_tag }}
   template:
     metadata:
       labels:
-        k8s-app: cephfs-provisioner
-        version: v{{ cephfs_provisioner_image_tag }}
+        app: cephfs-provisioner
+        version: {{ cephfs_provisioner_image_tag }}
     spec:
+{% if rbac_enabled %}
+      serviceAccount: cephfs-provisioner
+{% endif %}
       containers:
         - name: cephfs-provisioner
           image: {{ cephfs_provisioner_image_repo }}:{{ cephfs_provisioner_image_tag }}
@@ -30,6 +33,3 @@ spec:
             - "/usr/local/bin/cephfs-provisioner"
           args:
             - "-id=cephfs-provisioner-1"
-{% if rbac_enabled %}
-      serviceAccount: cephfs-provisioner
-{% endif %}
-- 
GitLab