From 6b43d6aff2e74ebfc803a4f9e062f21303165c4b Mon Sep 17 00:00:00 2001
From: Steffen Becker <steffen.becker@informatik.uni-stuttgart.de>
Date: Fri, 10 Jun 2022 08:37:46 +0200
Subject: [PATCH] Proposed fix to Issue 8667 (#8944)
Proposed fix to Issue 8667
Proposed fix to Issue 8667
---
inventory/sample/group_vars/all/vsphere.yml | 10 +++++-----
.../templates/vsphere-csi-controller-config.yml.j2 | 4 ++++
.../templates/vsphere-csi-controller-deployment.yml.j2 | 8 ++------
.../templates/vsphere-csi-controller-rbac.yml.j2 | 2 --
.../vsphere/templates/vsphere-csi-node.yml.j2 | 4 ----
5 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/inventory/sample/group_vars/all/vsphere.yml b/inventory/sample/group_vars/all/vsphere.yml
index 1a9af8c56..af3cfbe28 100644
--- a/inventory/sample/group_vars/all/vsphere.yml
+++ b/inventory/sample/group_vars/all/vsphere.yml
@@ -14,15 +14,15 @@
## gcr.io/cloud-provider-vsphere/cpi/release/manager
# external_vsphere_cloud_controller_image_tag: "latest"
## gcr.io/cloud-provider-vsphere/csi/release/syncer
-# vsphere_syncer_image_tag: "v2.4.0"
+# vsphere_syncer_image_tag: "v2.5.1"
## registry.k8s.io/sig-storage/csi-attacher
-# vsphere_csi_attacher_image_tag: "v3.3.0"
+# vsphere_csi_attacher_image_tag: "v3.4.0"
## gcr.io/cloud-provider-vsphere/csi/release/driver
-# vsphere_csi_controller: "v2.4.0"
+# vsphere_csi_controller: "v2.5.1"
## registry.k8s.io/sig-storage/livenessprobe
-# vsphere_csi_liveness_probe_image_tag: "v2.4.0"
+# vsphere_csi_liveness_probe_image_tag: "v2.6.0"
## registry.k8s.io/sig-storage/csi-provisioner
-# vsphere_csi_provisioner_image_tag: "v3.0.0"
+# vsphere_csi_provisioner_image_tag: "v3.1.0"
## registry.k8s.io/sig-storage/csi-resizer
## makes sense only for vSphere version >=7.0
# vsphere_csi_resizer_tag: "v1.3.0"
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
index deb47d240..56a28d0b3 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
@@ -1,7 +1,11 @@
apiVersion: v1
data:
"csi-migration": "false"
+{% if external_vsphere_version >= "7.0" %}
"csi-auth-check": "true"
+{% else %}
+ "csi-auth-check": "false"
+{% endif %}
"online-volume-extend": "true"
"trigger-csi-fullsync": "false"
"async-query-volume": "true"
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
index a7ff4ffbf..e0c26496c 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
@@ -88,12 +88,10 @@ spec:
{% endif %}
- name: vsphere-csi-controller
image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_controller }}
-{% if external_vsphere_version >= "7.0u1" %}
args:
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- "--fss-namespace=$(CSI_NAMESPACE)"
- "--use-gocsi=false"
-{% endif %}
imagePullPolicy: {{ k8s_image_pull_policy }}
env:
- name: CSI_ENDPOINT
@@ -113,11 +111,11 @@ spec:
value: "100"
- name: INCLUSTER_CLIENT_BURST
value: "100"
+{% endif %}
- name: CSI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
-{% endif %}
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
@@ -154,10 +152,8 @@ spec:
image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/syncer:{{ vsphere_syncer_image_tag }}
args:
- "--leader-election"
-{% if external_vsphere_version >= "7.0u1" %}
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- "--fss-namespace=$(CSI_NAMESPACE)"
-{% endif %}
imagePullPolicy: {{ k8s_image_pull_policy }}
ports:
- containerPort: 2113
@@ -175,11 +171,11 @@ spec:
value: "100"
- name: INCLUSTER_CLIENT_BURST
value: "100"
+{% endif %}
- name: CSI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
-{% endif %}
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
index d2f0758ed..80797063a 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
@@ -41,7 +41,6 @@ rules:
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "patch", "update"]
-{% if external_vsphere_version >= "7.0u1" %}
- apiGroups: ["cns.vmware.com"]
resources: ["triggercsifullsyncs"]
verbs: ["create", "get", "update", "watch", "list"]
@@ -57,7 +56,6 @@ rules:
- apiGroups: [ "cns.vmware.com" ]
resources: [ "csinodetopologies" ]
verbs: ["get", "update", "watch", "list"]
-{% endif %}
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
index c0ec36c21..53c90cd1a 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
@@ -55,12 +55,10 @@ spec:
- name: vsphere-csi-node
image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_driver_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
-{% if external_vsphere_version >= "7.0u1" %}
args:
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- "--fss-namespace=$(CSI_NAMESPACE)"
- "--use-gocsi=false"
-{% endif %}
imagePullPolicy: "Always"
env:
- name: NODE_NAME
@@ -81,12 +79,10 @@ spec:
value: "true"
- name: LOGGER_LEVEL
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
-{% if external_vsphere_version >= "7.0u1" %}
- name: CSI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
-{% endif %}
- name: NODEGETINFO_WATCH_TIMEOUT_MINUTES
value: "1"
securityContext:
--
GitLab