From cae266a045e152505e1c9472b425bd28cebc009d Mon Sep 17 00:00:00 2001
From: Elias-elastisys <112404905+Elias-elastisys@users.noreply.github.com>
Date: Wed, 26 Jun 2024 11:26:21 +0200
Subject: [PATCH] Upgrade upcloud csi driver to v1.1.0 and add snapshot
features (#11303)
---
.../csi_driver/upcloud/defaults/main.yml | 2 +-
.../templates/upcloud-csi-controller.yml.j2 | 17 ++++-
.../upcloud/templates/upcloud-csi-node.yml.j2 | 3 +-
.../templates/upcloud-csi-setup.yml.j2 | 63 +++++++++++++++++++
4 files changed, 80 insertions(+), 5 deletions(-)
diff --git a/roles/kubernetes-apps/csi_driver/upcloud/defaults/main.yml b/roles/kubernetes-apps/csi_driver/upcloud/defaults/main.yml
index ea828f333..cc340869a 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/defaults/main.yml
+++ b/roles/kubernetes-apps/csi_driver/upcloud/defaults/main.yml
@@ -3,7 +3,7 @@ upcloud_csi_controller_replicas: 1
upcloud_csi_provisioner_image_tag: "v3.1.0"
upcloud_csi_attacher_image_tag: "v3.4.0"
upcloud_csi_resizer_image_tag: "v1.4.0"
-upcloud_csi_plugin_image_tag: "v0.3.3"
+upcloud_csi_plugin_image_tag: "v1.1.0"
upcloud_csi_node_image_tag: "v2.5.0"
upcloud_username: "{{ lookup('env', 'UPCLOUD_USERNAME') }}"
upcloud_password: "{{ lookup('env', 'UPCLOUD_PASSWORD') }}"
diff --git a/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-controller.yml.j2 b/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-controller.yml.j2
index 1b8519dfa..9ee253673 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-controller.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-controller.yml.j2
@@ -58,13 +58,26 @@ spec:
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-snapshotter
+ image: k8s.gcr.io/sig-storage/csi-snapshotter:{{ upcloud_csi_snapshotter_image_tag }}
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v=5"
+ - "--timeout=600s"
+ - "--leader-election=false"
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-upcloud-plugin
image: ghcr.io/upcloudltd/upcloud-csi:{{ upcloud_csi_plugin_image_tag }}
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodehost=$(NODE_ID)"
- - "--username=$(UPCLOUD_USERNAME)"
- - "--password=$(UPCLOUD_PASSWORD)"
+ - "--mode=monolith"
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
diff --git a/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-node.yml.j2
index 7ed39be47..36fd75f8a 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-node.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-node.yml.j2
@@ -42,8 +42,7 @@ spec:
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodehost=$(NODE_ID)"
- - "--username=$(UPCLOUD_USERNAME)"
- - "--password=$(UPCLOUD_PASSWORD)"
+ - "--mode=monolith"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
diff --git a/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-setup.yml.j2 b/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-setup.yml.j2
index 5af71d2fb..b43eb24d2 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-setup.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/upcloud/templates/upcloud-csi-setup.yml.j2
@@ -62,6 +62,18 @@ rules:
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents/status"]
+ verbs: ["update"]
+ - apiGroups: [ "snapshot.storage.k8s.io" ]
+ resources: [ "volumesnapshots" ]
+ verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
@@ -183,3 +195,54 @@ roleRef:
kind: ClusterRole
name: csi-upcloud-resizer-role
apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-upcloud-snapshotter-role
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["get", "list"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-upcloud-snapshotter-binding
+subjects:
+ - kind: ServiceAccount
+ name: csi-upcloud-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: csi-upcloud-snapshotter-role
+ apiGroup: rbac.authorization.k8s.io
--
GitLab