From fa245ffdd52cbc79bc0c17351b6d1443958a6ee2 Mon Sep 17 00:00:00 2001
From: Steven Reitsma <steven@properchaos.nl>
Date: Mon, 17 Feb 2020 12:47:29 +0100
Subject: [PATCH] Fix some minor issues with the Cinder CSI plugin (#5561)

Add Cinder images to download role
---
 roles/download/defaults/main.yml              | 67 +++++++++++++++++++
 .../cinder-csi-controllerplugin.yml.j2        | 17 +++--
 .../cinder/templates/cinder-csi-driver.yml.j2 |  2 +-
 .../templates/cinder-csi-nodeplugin.yml.j2    | 15 +++--
 .../cinder-csi/defaults/main.yml              |  1 +
 5 files changed, 92 insertions(+), 10 deletions(-)

diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index bc5ea914a..c6dff49a0 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -459,6 +459,19 @@ addon_resizer_version: "1.8.3"
 addon_resizer_image_repo: "{{ kube_image_repo }}/addon-resizer"
 addon_resizer_image_tag: "{{ addon_resizer_version }}"
 
+cinder_csi_attacher_image_repo: "{{ quay_image_repo }}/k8scsi/csi-attacher"
+cinder_csi_attacher_image_tag: "v1.2.1"
+cinder_csi_provisioner_image_repo: "{{ quay_image_repo }}/k8scsi/csi-provisioner"
+cinder_csi_provisioner_image_tag: "v1.3.0"
+cinder_csi_snapshotter_image_repo: "{{ quay_image_repo }}/k8scsi/csi-snapshotter"
+cinder_csi_snapshotter_image_tag: "v1.2.0"
+cinder_csi_resizer_image_repo: "{{ quay_image_repo }}/k8scsi/csi-resizer"
+cinder_csi_resizer_image_tag: "v0.2.0"
+cinder_csi_plugin_image_repo: "{{ docker_image_repo }}/k8scloudprovider/cinder-csi-plugin"
+cinder_csi_plugin_image_tag: "latest"
+cinder_csi_node_driver_registrar_image_repo: "{{ quay_image_repo }}/k8scsi/csi-node-driver-registrar"
+cinder_csi_node_driver_registrar_image_tag: "v1.1.0"
+
 dashboard_image_repo: "{{ gcr_image_repo }}/google_containers/kubernetes-dashboard-{{ image_arch }}"
 dashboard_image_tag: "v1.10.1"
 
@@ -948,6 +961,60 @@ downloads:
     groups:
       - kube-node
 
+  cinder_csi_attacher:
+    enabled: "{{ cinder_csi_enabled }}"
+    container: true
+    repo: "{{ cinder_csi_attacher_image_repo }}"
+    tag: "{{ cinder_csi_attacher_image_tag }}"
+    sha256: "{{ cinder_csi_attacher_digest_checksum|default(None) }}"
+    groups:
+      - kube-node
+
+  cinder_csi_provisioner:
+    enabled: "{{ cinder_csi_enabled }}"
+    container: true
+    repo: "{{ cinder_csi_provisioner_image_repo }}"
+    tag: "{{ cinder_csi_provisioner_image_tag }}"
+    sha256: "{{ cinder_csi_provisioner_digest_checksum|default(None) }}"
+    groups:
+      - kube-node
+
+  cinder_csi_snapshotter:
+    enabled: "{{ cinder_csi_enabled }}"
+    container: true
+    repo: "{{ cinder_csi_snapshotter_image_repo }}"
+    tag: "{{ cinder_csi_snapshotter_image_tag }}"
+    sha256: "{{ cinder_csi_snapshotter_digest_checksum|default(None) }}"
+    groups:
+      - kube-node
+
+  cinder_csi_resizer:
+    enabled: "{{ cinder_csi_enabled }}"
+    container: true
+    repo: "{{ cinder_csi_resizer_image_repo }}"
+    tag: "{{ cinder_csi_resizer_image_tag }}"
+    sha256: "{{ cinder_csi_resizer_digest_checksum|default(None) }}"
+    groups:
+      - kube-node
+
+  cinder_csi_plugin:
+    enabled: "{{ cinder_csi_enabled }}"
+    container: true
+    repo: "{{ cinder_csi_plugin_image_repo }}"
+    tag: "{{ cinder_csi_plugin_image_tag }}"
+    sha256: "{{ cinder_csi_plugin_digest_checksum|default(None) }}"
+    groups:
+      - kube-node
+
+  cinder_csi_node_driver_registrar:
+    enabled: "{{ cinder_csi_enabled }}"
+    container: true
+    repo: "{{ cinder_csi_node_driver_registrar_image_repo }}"
+    tag: "{{ cinder_csi_node_driver_registrar_image_tag }}"
+    sha256: "{{ cinder_csi_node_driver_registrar_digest_checksum|default(None) }}"
+    groups:
+      - kube-node
+
   dashboard:
     enabled: "{{ dashboard_enabled }}"
     container: true
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
index 564451a3d..659f21335 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
@@ -20,7 +20,7 @@ spec:
       serviceAccount: csi-cinder-controller-sa
       containers:
         - name: csi-attacher
-          image: quay.io/k8scsi/csi-attacher:v1.2.1
+          image: {{ cinder_csi_attacher_image_repo }}:{{ cinder_csi_attacher_image_tag }}
           args:
             - "--v=5"
             - "--csi-address=$(ADDRESS)"
@@ -32,7 +32,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: csi-provisioner
-          image: quay.io/k8scsi/csi-provisioner:v1.3.0
+          image: {{ cinder_csi_provisioner_image_repo }}:{{ cinder_csi_provisioner_image_tag }}
           args:
             - "--csi-address=$(ADDRESS)"
           env:
@@ -43,7 +43,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: csi-snapshotter
-          image: quay.io/k8scsi/csi-snapshotter:v1.2.0
+          image: {{ cinder_csi_snapshotter_image_repo }}:{{ cinder_csi_snapshotter_image_tag }}
           args:
             - "--csi-address=$(ADDRESS)"
           env:
@@ -54,7 +54,7 @@ spec:
             - mountPath: /var/lib/csi/sockets/pluginproxy/
               name: socket-dir
         - name: csi-resizer
-          image: quay.io/k8scsi/csi-resizer:v0.2.0
+          image: {{ cinder_csi_resizer_image_repo }}:{{ cinder_csi_resizer_image_tag }}
           args:
             - "--csi-address=$(ADDRESS)"
           env:
@@ -65,7 +65,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: cinder-csi-plugin
-          image: docker.io/k8scloudprovider/cinder-csi-plugin:latest
+          image: {{ cinder_csi_plugin_image_repo }}:{{ cinder_csi_plugin_image_tag }}
           args :
             - /bin/cinder-csi-plugin
             - "--nodeid=$(NODE_ID)"
@@ -90,6 +90,9 @@ spec:
             - name: secret-cinderplugin
               mountPath: /etc/config
               readOnly: true
+            - name: ca-certs
+              mountPath: /etc/ssl/certs
+              readOnly: true
 {% if cinder_cacert is defined and cinder_cacert != "" %}
             - name: cinder-cacert
               mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -101,6 +104,10 @@ spec:
         - name: secret-cinderplugin
           secret:
             secretName: cloud-config
+        - name: ca-certs
+          hostPath:
+            path: /etc/ssl/certs
+            type: DirectoryOrCreate
 {% if cinder_cacert is defined and cinder_cacert != "" %}
         - name: cinder-cacert
           hostPath:
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-driver.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-driver.yml.j2
index 671e2ec13..c2a9ee179 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-driver.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-driver.yml.j2
@@ -4,4 +4,4 @@ metadata:
   name: cinder.csi.openstack.org
 spec:
   attachRequired: true
-  podInfoOnMount: false
+  podInfoOnMount: true
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
index e2f1afa7c..b4d92744a 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
@@ -19,7 +19,7 @@ spec:
       hostNetwork: true
       containers:
         - name: node-driver-registrar
-          image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
+          image: {{ cinder_csi_node_driver_registrar_image_repo }}:{{ cinder_csi_node_driver_registrar_image_tag }}
           args:
             - "--csi-address=$(ADDRESS)"
             - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
@@ -48,7 +48,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: docker.io/k8scloudprovider/cinder-csi-plugin:latest
+          image: {{ cinder_csi_plugin_image_repo }}:{{ cinder_csi_plugin_image_tag }}
           args :
             - /bin/cinder-csi-plugin
             - "--nodeid=$(NODE_ID)"
@@ -79,7 +79,10 @@ spec:
             - name: secret-cinderplugin
               mountPath: /etc/config
               readOnly: true
-{% if cinder_cacert is defined %}
+            - name: ca-certs
+              mountPath: /etc/ssl/certs
+              readOnly: true
+{% if cinder_cacert is defined and cinder_cacert != "" %}
             - name: cinder-cacert
               mountPath: {{ kube_config_dir }}/cinder-cacert.pem
               readOnly: true
@@ -108,7 +111,11 @@ spec:
         - name: secret-cinderplugin
           secret:
             secretName: cloud-config
-{% if cinder_cacert is defined %}
+        - name: ca-certs
+          hostPath:
+            path: /etc/ssl/certs
+            type: DirectoryOrCreate
+{% if cinder_cacert is defined and cinder_cacert != "" %}
         - name: cinder-cacert
           hostPath:
             path: {{ kube_config_dir }}/cinder-cacert.pem
diff --git a/roles/kubernetes-apps/persistent_volumes/cinder-csi/defaults/main.yml b/roles/kubernetes-apps/persistent_volumes/cinder-csi/defaults/main.yml
index c00d8d6eb..5e35dd5ae 100644
--- a/roles/kubernetes-apps/persistent_volumes/cinder-csi/defaults/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/cinder-csi/defaults/main.yml
@@ -4,3 +4,4 @@ storage_classes:
     is_default: false
     parameters:
       availability: nova
+      allowVolumeExpansion: false
-- 
GitLab