Merge branch 'master' of http://github.com/ceph/ceph-csi into csi-v1.0

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>

.mergify.yml

@@ -3,7 +3,7 @@ pull_request_rules:
   - name: automatic merge
     conditions:
       - label!=DNM
-      - '#approved-reviews-by>=1'
+      - '#approved-reviews-by>=2'
       - 'status-success=continuous-integration/travis-ci/pr'
     actions:
       merge:

Makefile

@@ -1,4 +1,4 @@
-# Copyright 2018 The Kubernetes Authors.
+# Copyright 2018 The Ceph-CSI Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,10 +17,13 @@
 CONTAINER_CMD?=docker
 
 RBD_IMAGE_NAME=$(if $(ENV_RBD_IMAGE_NAME),$(ENV_RBD_IMAGE_NAME),quay.io/cephcsi/rbdplugin)
-RBD_IMAGE_VERSION=$(if $(ENV_RBD_IMAGE_VERSION),$(ENV_RBD_IMAGE_VERSION),v1.0.0)
+RBD_IMAGE_VERSION=$(if $(ENV_RBD_IMAGE_VERSION),$(ENV_RBD_IMAGE_VERSION),v1.0.0-canary)
 
 CEPHFS_IMAGE_NAME=$(if $(ENV_CEPHFS_IMAGE_NAME),$(ENV_CEPHFS_IMAGE_NAME),quay.io/cephcsi/cephfsplugin)
-CEPHFS_IMAGE_VERSION=$(if $(ENV_CEPHFS_IMAGE_VERSION),$(ENV_CEPHFS_IMAGE_VERSION),v1.0.0)
+CEPHFS_IMAGE_VERSION=$(if $(ENV_CEPHFS_IMAGE_VERSION),$(ENV_CEPHFS_IMAGE_VERSION),v1.0.0-canary)
+
+CSI_IMAGE_NAME?=quay.io/cephcsi/cephcsi
+CSI_IMAGE_VERSION?=v1.0.0
 
 CSI_IMAGE_NAME?=quay.io/cephcsi/cephcsi
 CSI_IMAGE_VERSION?=v1.0.0
@@ -53,7 +56,7 @@ image-rbdplugin: cephcsi
 	$(CONTAINER_CMD) build -t $(RBD_IMAGE_NAME):$(RBD_IMAGE_VERSION) deploy/rbd/docker
 
 image-cephfsplugin: cephcsi
-	cp _output/cephsci deploy/cephfs/docker/cephfsplugin
+	cp _output/cephcsi deploy/cephfs/docker/cephfsplugin
 	$(CONTAINER_CMD) build -t $(CEPHFS_IMAGE_NAME):$(CEPHFS_IMAGE_VERSION) deploy/cephfs/docker
 
 push-image-rbdplugin: image-rbdplugin

README.md

@@ -1,5 +1,10 @@
 # Ceph CSI 1.0.0
 
+[![Go Report
+Card](https://goreportcard.com/badge/github.com/ceph/ceph-csi)](https://goreportcard.com/report/github.com/ceph/ceph-csi)
+[![Build
+Status](https://travis-ci.org/ceph/ceph-csi.svg?branch=master)](https://travis-ci.org/ceph/ceph-csi)
+
 [Container Storage Interface
 (CSI)](https://github.com/container-storage-interface/) driver, provisioner,
 and attacher for Ceph RBD and CephFS.

cmd/cephfs/main.go

@@ -1,63 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"flag"
-	"os"
-
-	"github.com/ceph/ceph-csi/pkg/cephfs"
-	"github.com/ceph/ceph-csi/pkg/util"
-	"k8s.io/klog"
-)
-
-var (
-	endpoint        = flag.String("endpoint", "unix://tmp/csi.sock", "CSI endpoint")
-	driverName      = flag.String("drivername", "cephfs.csi.ceph.com", "name of the driver")
-	nodeID          = flag.String("nodeid", "", "node id")
-	volumeMounter   = flag.String("volumemounter", "", "default volume mounter (possible options are 'kernel', 'fuse')")
-	metadataStorage = flag.String("metadatastorage", "", "metadata persistence method [node|k8s_configmap]")
-	mountCacheDir   = flag.String("mountcachedir", "", "mount info cache save dir")
-)
-
-func init() {
-	klog.InitFlags(nil)
-	if err := flag.Set("logtostderr", "true"); err != nil {
-		klog.Exitf("failed to set logtostderr flag: %v", err)
-	}
-	flag.Parse()
-}
-
-func main() {
-
-	err := util.ValidateDriverName(*driverName)
-	if err != nil {
-		klog.Fatalln(err)
-	}
-	//update plugin name
-	cephfs.PluginFolder = cephfs.PluginFolder + *driverName
-
-	cp, err := util.CreatePersistanceStorage(cephfs.PluginFolder, *metadataStorage, *driverName)
-	if err != nil {
-		os.Exit(1)
-	}
-
-	driver := cephfs.NewDriver()
-	driver.Run(*driverName, *nodeID, *endpoint, *volumeMounter, *mountCacheDir, cp)
-
-	os.Exit(0)
-}

cmd/rbd/main.go

@@ -1,64 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"flag"
-	"os"
-
-	"github.com/ceph/ceph-csi/pkg/rbd"
-	"github.com/ceph/ceph-csi/pkg/util"
-	"k8s.io/klog"
-)
-
-var (
-	endpoint        = flag.String("endpoint", "unix://tmp/csi.sock", "CSI endpoint")
-	driverName      = flag.String("drivername", "rbd.csi.ceph.com", "name of the driver")
-	nodeID          = flag.String("nodeid", "", "node id")
-	containerized   = flag.Bool("containerized", true, "whether run as containerized")
-	metadataStorage = flag.String("metadatastorage", "", "metadata persistence method [node|k8s_configmap]")
-	configRoot      = flag.String("configroot", "/etc/csi-config", "directory in which CSI specific Ceph"+
-		" cluster configurations are present, OR the value \"k8s_objects\" if present as kubernetes secrets")
-)
-
-func init() {
-	klog.InitFlags(nil)
-	if err := flag.Set("logtostderr", "true"); err != nil {
-		klog.Exitf("failed to set logtostderr flag: %v", err)
-	}
-	flag.Parse()
-}
-
-func main() {
-
-	err := util.ValidateDriverName(*driverName)
-	if err != nil {
-		klog.Fatalln(err)
-	}
-	//update plugin name
-	rbd.PluginFolder = rbd.PluginFolder + *driverName
-
-	cp, err := util.CreatePersistanceStorage(rbd.PluginFolder, *metadataStorage, *driverName)
-	if err != nil {
-		os.Exit(1)
-	}
-
-	driver := rbd.NewDriver()
-	driver.Run(*driverName, *nodeID, *endpoint, *configRoot, *containerized, cp)
-
-	os.Exit(0)
-}

deploy.sh

@@ -25,11 +25,11 @@ push_helm_charts() {
 }
 
 if [ "${TRAVIS_BRANCH}" == 'csi-v0.3' ]; then
-	export RBD_IMAGE_VERSION='v0.3.0'
+	export RBD_IMAGE_VERSION='v0.3-canary'
-	export CEPHFS_IMAGE_VERSION='v0.3.0'
+	export CEPHFS_IMAGE_VERSION='v0.3-canary'
-elif [ "${TRAVIS_BRANCH}" == 'csi-v1.0' ]; then
+elif [ "${TRAVIS_BRANCH}" == 'master' ]; then
-	export RBD_IMAGE_VERSION='v1.0.0'
+	export RBD_IMAGE_VERSION='canary'
-	export CEPHFS_IMAGE_VERSION='v1.0.0'
+	export CEPHFS_IMAGE_VERSION='canary'
 else
 	echo "!!! Branch ${TRAVIS_BRANCH} is not a deployable branch; exiting"
 	exit 0 # Exiting 0 so that this isn't marked as failing

deploy/cephfs/helm/Chart.yaml

@@ -4,7 +4,11 @@ appVersion: "1.0.0"
 description: "Container Storage Interface (CSI) driver,
 provisioner, and attacher for Ceph cephfs"
 name: ceph-csi-cephfs
+<<<<<<< HEAD
 version: 0.6.0
+=======
+version: 0.5.3
+>>>>>>> 882bebf1d8507d6bcd4b4bfae23a861057353785
 keywords:
   - ceph
   - cephfs

deploy/cephfs/helm/templates/_helpers.tpl

@@ -24,24 +24,6 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ceph-csi-cephfs.attacher.fullname" -}}
-{{- if .Values.attacher.fullnameOverride -}}
-{{- .Values.attacher.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- printf "%s-%s" .Release.Name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s-%s" .Release.Name $name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -85,17 +67,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "ceph-csi-cephfs.serviceAccountName.attacher" -}}
-{{- if .Values.serviceAccounts.attacher.create -}}
-    {{ default (include "ceph-csi-cephfs.attacher.fullname" .) .Values.serviceAccounts.attacher.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccounts.attacher.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create the name of the service account to use
 */}}

deploy/cephfs/helm/templates/attacher-clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end -}}

deploy/cephfs/helm/templates/attacher-service.yaml

@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-  ports:
-    - name: dummy
-      port: 12345

deploy/cephfs/helm/templates/attacher-serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccounts.attacher.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- end -}}

deploy/cephfs/helm/templates/attacher-statefulset.yaml

@@ -1,60 +0,0 @@
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  replicas: {{ .Values.attacher.replicas }}
-  selector:
-    matchLabels:
-      app: {{ include "ceph-csi-cephfs.name" . }}
-      component: {{ .Values.attacher.name }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "ceph-csi-cephfs.name" . }}
-        chart: {{ include "ceph-csi-cephfs.chart" . }}
-        component: {{ .Values.attacher.name }}
-        release: {{ .Release.Name }}
-        heritage: {{ .Release.Service }}
-    spec:
-      serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
-      containers:
-        - name: csi-cephfsplugin-attacher
-          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
-          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
-          volumeMounts:
-            - name: socket-dir
-              mountPath: {{ .Values.socketDir }}
-          resources:
-{{ toYaml .Values.attacher.resources | indent 12 }}
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: {{ .Values.socketDir }}
-            type: DirectoryOrCreate
-    {{- if .Values.attacher.affinity -}}
-      affinity:
-{{ toYaml .Values.attacher.affinity . | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.nodeSelector -}}
-      nodeSelector:
-{{ toYaml .Values.attacher.nodeSelector | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.tolerations -}}
-      tolerations:
-{{ toYaml .Values.attacher.tolerations | indent 8 }}
-    {{- end -}}

deploy/cephfs/helm/templates/csidriver-crd.yaml

@@ -0,0 +1,10 @@
+---
+{{ if not .Values.attacher.enabled }}
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driverName }}
+spec:
+  attachRequired: false
+  podInfoOnMount: false
+{{ end }}

deploy/cephfs/helm/templates/nodeplugin-clusterrole.yaml

@@ -9,23 +9,9 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-rules:
+aggregationRule:
-  - apiGroups: [""]
+  clusterRoleSelectors:
-    resources: ["configmaps"]
+    - matchLabels:
-    verbs: ["get", "list"]
+        rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}: "true"
-  - apiGroups: [""]
+rules: []
-    resources: ["nodes"]
-    verbs: ["get", "list", "update"]
-  - apiGroups: [""]
-    resources: ["namespaces"]
-    verbs: ["get", "list"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "list"]
 {{- end -}}

deploy/cephfs/helm/templates/nodeplugin-rules-clusterrole.yaml

@@ -2,27 +2,31 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+  name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}-rules
   labels:
     app: {{ include "ceph-csi-cephfs.name" . }}
     chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
+    component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}: "true"
 rules:
   - apiGroups: [""]
-    resources: ["events"]
+    resources: ["configmaps"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "update"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
+  - apiGroups: [""]
-    resources: ["csinodeinfos"]
+    resources: ["configmaps"]
-    verbs: ["get", "list", "watch"]
+    verbs: ["get", "list"]
 {{- end -}}

deploy/cephfs/helm/templates/provisioner-clusterrole.yaml

@@ -9,29 +9,9 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-rules:
+aggregationRule:
-  - apiGroups: [""]
+  clusterRoleSelectors:
-    resources: ["nodes"]
+    - matchLabels:
-    verbs: ["get", "list", "watch"]
+        rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.provisioner.fullname" . }}: "true"
-  - apiGroups: [""]
+rules: []
-    resources: ["secrets"]
-    verbs: ["get", "list"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "list", "create", "delete"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
 {{- end -}}

deploy/cephfs/helm/templates/provisioner-rules-clusterrole.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}-rules
+  labels:
+    app: {{ include "ceph-csi-cephfs.name" . }}
+    chart: {{ include "ceph-csi-cephfs.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.provisioner.fullname" . }}: "true"
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["csi.storage.k8s.io"]
+    resources: ["csinodeinfos"]
+    verbs: ["get", "list", "watch"]
+  {{ if .Values.attacher.enabled }}
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+  {{ end }}
+{{- end -}}

deploy/cephfs/helm/templates/provisioner-statefulset.yaml

@@ -41,6 +41,20 @@ spec:
               mountPath: {{ .Values.socketDir }}
           resources:
 {{ toYaml .Values.provisioner.resources | indent 12 }}
+        {{ if .Values.attacher.enabled }}
+        - name: csi-attacher
+          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.socketDir }}
+        {{ end }}
         - name: csi-cephfsplugin
           securityContext:
             privileged: true
@@ -79,7 +93,7 @@ spec:
 #FIXME this seems way too much. Why is it needed at all for this?
         - name: host-rootfs
           hostPath:
-            path: /            
+            path: /
     {{- if .Values.provisioner.affinity -}}
       affinity:
 {{ toYaml .Values.provisioner.affinity . | indent 8 }}

deploy/cephfs/helm/values.yaml

@@ -20,7 +20,7 @@ volumeDevicesDir: /var/lib/kubelet/plugins/kubernetes.io/csi/volumeDevices
 driverName: cephfs.csi.ceph.com
 attacher:
   name: attacher
-
+  enabled: true
   replicaCount: 1
 
   image:

deploy/cephfs/kubernetes/csi-attacher-rbac.yaml

@@ -1,38 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cephfs-csi-attacher
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-external-attacher-runner
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-csi-attacher-role
-subjects:
-  - kind: ServiceAccount
-    name: cephfs-csi-attacher
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: cephfs-external-attacher-runner
-  apiGroup: rbac.authorization.k8s.io

deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml

@@ -1,46 +0,0 @@
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: csi-cephfsplugin-attacher
-  labels:
-    app: csi-cephfsplugin-attacher
-spec:
-  selector:
-    app: csi-cephfsplugin-attacher
-  ports:
-    - name: dummy
-      port: 12345
-
----
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: csi-cephfsplugin-attacher
-spec:
-  serviceName: "csi-cephfsplugin-attacher"
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: csi-cephfsplugin-attacher
-    spec:
-      serviceAccount: cephfs-csi-attacher
-      containers:
-        - name: csi-cephfsplugin-attacher
-          image: quay.io/k8scsi/csi-attacher:v1.0.1
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: /var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock
-          imagePullPolicy: "IfNotPresent"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /var/lib/kubelet/plugins/cephfs.csi.ceph.com
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: /var/lib/kubelet/plugins/cephfs.csi.ceph.com
-            type: DirectoryOrCreate

deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml

@@ -39,6 +39,18 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
+        - name: csi-cephfsplugin-attacher
+          image: quay.io/k8scsi/csi-attacher:v1.0.1
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /csi/csi-provisioner.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
         - name: csi-cephfsplugin
           securityContext:
             privileged: true

deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml

@@ -9,6 +9,18 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-nodeplugin
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.cephfs.csi.ceph.com/aggregate-to-cephfs-csi-nodeplugin: "true"
+rules: []
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cephfs-csi-nodeplugin-rules
+  labels:
+    rbac.cephfs.csi.ceph.com/aggregate-to-cephfs-csi-nodeplugin: "true"
 rules:
   - apiGroups: [""]
     resources: ["configmaps"]

deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml

@@ -9,6 +9,18 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-external-provisioner-runner
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.cephfs.csi.ceph.com/aggregate-to-cephfs-external-provisioner-runner: "true"
+rules: []
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cephfs-external-provisioner-runner-rules
+  labels:
+    rbac.cephfs.csi.ceph.com/aggregate-to-cephfs-external-provisioner-runner: "true"
 rules:
   - apiGroups: [""]
     resources: ["nodes"]
@@ -31,6 +43,9 @@ rules:
   - apiGroups: ["csi.storage.k8s.io"]
     resources: ["csinodeinfos"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
 
 ---
 kind: ClusterRoleBinding

deploy/rbd/helm/Chart.yaml

@@ -4,7 +4,11 @@ appVersion: "1.0.0"
 description: "Container Storage Interface (CSI) driver,
 provisioner, snapshotter, and attacher for Ceph RBD"
 name: ceph-csi-rbd
+<<<<<<< HEAD
 version: 0.6.0
+=======
+version: 0.5.3
+>>>>>>> 882bebf1d8507d6bcd4b4bfae23a861057353785
 keywords:
   - ceph
   - rbd

deploy/rbd/helm/templates/_helpers.tpl

@@ -24,24 +24,6 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ceph-csi-rbd.attacher.fullname" -}}
-{{- if .Values.attacher.fullnameOverride -}}
-{{- .Values.attacher.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- printf "%s-%s" .Release.Name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s-%s" .Release.Name $name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -85,17 +67,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "ceph-csi-rbd.serviceAccountName.attacher" -}}
-{{- if .Values.serviceAccounts.attacher.create -}}
-    {{ default (include "ceph-csi-rbd.attacher.fullname" .) .Values.serviceAccounts.attacher.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccounts.attacher.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create the name of the service account to use
 */}}

deploy/rbd/helm/templates/attacher-clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "ceph-csi-rbd.serviceAccountName.attacher" . }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end -}}

deploy/rbd/helm/templates/attacher-service.yaml

@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-  ports:
-    - name: dummy
-      port: 12345

deploy/rbd/helm/templates/attacher-serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccounts.attacher.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "ceph-csi-rbd.serviceAccountName.attacher" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- end -}}

deploy/rbd/helm/templates/attacher-statefulset.yaml

@@ -1,60 +0,0 @@
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  replicas: {{ .Values.attacher.replicas }}
-  selector:
-    matchLabels:
-      app: {{ include "ceph-csi-rbd.name" . }}
-      component: {{ .Values.attacher.name }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "ceph-csi-rbd.name" . }}
-        chart: {{ include "ceph-csi-rbd.chart" . }}
-        component: {{ .Values.attacher.name }}
-        release: {{ .Release.Name }}
-        heritage: {{ .Release.Service }}
-    spec:
-      serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.attacher" . }}
-      containers:
-        - name: csi-rbdplugin-attacher
-          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
-          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
-          volumeMounts:
-            - name: socket-dir
-              mountPath: {{ .Values.socketDir }}
-          resources:
-{{ toYaml .Values.attacher.resources | indent 12 }}
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: {{ .Values.socketDir }}
-            type: DirectoryOrCreate
-    {{- if .Values.attacher.affinity -}}
-      affinity:
-{{ toYaml .Values.attacher.affinity . | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.nodeSelector -}}
-      nodeSelector:
-{{ toYaml .Values.attacher.nodeSelector | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.tolerations -}}
-      tolerations:
-{{ toYaml .Values.attacher.tolerations | indent 8 }}
-    {{- end -}}

deploy/rbd/helm/templates/csidriver-crd.yaml

@@ -0,0 +1,10 @@
+---
+{{ if not .Values.attacher.enabled }}
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driverName }}
+spec:
+  attachRequired: false
+  podInfoOnMount: false
+{{ end }}

deploy/rbd/helm/templates/nodeplugin-clusterrole.yaml

@@ -9,20 +9,9 @@ metadata:
     component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-rules:
+aggregationRule:
-  - apiGroups: [""]
+  clusterRoleSelectors:
-    resources: ["nodes"]
+    - matchLabels:
-    verbs: ["get", "list", "update"]
+        rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
-  - apiGroups: [""]
+rules: []
-    resources: ["namespaces"]
-    verbs: ["get", "list"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "list"]
 {{- end -}}

deploy/rbd/helm/templates/nodeplugin-rules-clusterrole.yaml

@@ -2,27 +2,28 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}-rules
   labels:
     app: {{ include "ceph-csi-rbd.name" . }}
     chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
+    component: {{ .Values.nodeplugin.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+    rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
 rules:
   - apiGroups: [""]
-    resources: ["events"]
+    resources: ["nodes"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "update"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
+  - apiGroups: [""]
-    resources: ["csinodeinfos"]
+    resources: ["configmaps"]
-    verbs: ["get", "list", "watch"]
+    verbs: ["get", "list"]
 {{- end -}}

deploy/rbd/helm/templates/provisioner-clusterrole.yaml

@@ -9,44 +9,9 @@ metadata:
     component: {{ .Values.provisioner.name }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-rules:
+aggregationRule:
-  - apiGroups: [""]
+  clusterRoleSelectors:
-    resources: ["nodes"]
+    - matchLabels:
-    verbs: ["get", "list", "watch"]
+        rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.provisioner.fullname" . }}: "true"
-  - apiGroups: [""]
+rules: []
-    resources: ["secrets"]
-    verbs: ["get", "list"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["endpoints"]
-    verbs: ["get", "create", "update"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshots"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "list", "create", "delete"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshotcontents"]
-    verbs: ["create", "get", "list", "watch", "update", "delete"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshotclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ["create"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
 {{- end -}}

deploy/rbd/helm/templates/provisioner-rules-clusterrole.yaml

@@ -0,0 +1,55 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}-rules
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.provisioner.fullname" . }}: "true"
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "update", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "create", "update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update"]
+  {{ if .Values.attacher.enabled }}
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+  {{ end }}
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["create"]
+  - apiGroups: ["csi.storage.k8s.io"]
+    resources: ["csinodeinfos"]
+    verbs: ["get", "list", "watch"]
+{{- end -}}

deploy/rbd/helm/templates/provisioner-statefulset.yaml

@@ -58,6 +58,20 @@ spec:
               mountPath: {{ .Values.socketDir }}
           resources:
 {{ toYaml .Values.snapshotter.resources | indent 12 }}
+        {{ if .Values.attacher.enabled }}
+        - name: csi-attacher
+          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.socketDir }}
+        {{ end }}
         - name: csi-rbdplugin
           securityContext:
             privileged: true
@@ -97,7 +111,7 @@ spec:
 #FIXME this seems way too much. Why is it needed at all for this?
         - name: host-rootfs
           hostPath:
-            path: /            
+            path: /
     {{- if .Values.provisioner.affinity -}}
       affinity:
 {{ toYaml .Values.provisioner.affinity . | indent 8 }}

deploy/rbd/helm/values.yaml

@@ -21,7 +21,7 @@ driverName: rbd.csi.ceph.com
 
 attacher:
   name: attacher
-
+  enabled: true
   replicaCount: 1
 
   image:

deploy/rbd/kubernetes/csi-attacher-rbac.yaml

@@ -1,38 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: rbd-csi-attacher
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-external-attacher-runner
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-csi-attacher-role
-subjects:
-  - kind: ServiceAccount
-    name: rbd-csi-attacher
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: rbd-external-attacher-runner
-  apiGroup: rbac.authorization.k8s.io

deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml

@@ -9,6 +9,18 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-nodeplugin
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.rbd.csi.ceph.com/aggregate-to-rbd-csi-nodeplugin: "true"
+rules: []
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rbd-csi-nodeplugin-rules
+  labels:
+    rbac.rbd.csi.ceph.com/aggregate-to-rbd-csi-nodeplugin: "true"
 rules:
   - apiGroups: [""]
     resources: ["secrets"]

deploy/rbd/kubernetes/csi-provisioner-rbac.yaml

@@ -9,6 +9,18 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-external-provisioner-runner
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.rbd.csi.ceph.com/aggregate-to-rbd-external-provisioner-runner: "true"
+rules: []
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rbd-external-provisioner-runner-rules
+  labels:
+    rbac.rbd.csi.ceph.com/aggregate-to-rbd-external-provisioner-runner: "true"
 rules:
   - apiGroups: [""]
     resources: ["nodes"]
@@ -21,7 +33,7 @@ rules:
     verbs: ["list", "watch", "create", "update", "patch"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
+    verbs: ["get", "list", "watch", "create", "update", "delete"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
     verbs: ["get", "list", "watch", "update"]
@@ -43,6 +55,9 @@ rules:
   - apiGroups: ["csi.storage.k8s.io"]
     resources: ["csinodeinfos"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
 
 ---
 kind: ClusterRoleBinding

deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml

@@ -1,46 +0,0 @@
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: csi-rbdplugin-attacher
-  labels:
-    app: csi-rbdplugin-attacher
-spec:
-  selector:
-    app: csi-rbdplugin-attacher
-  ports:
-    - name: dummy
-      port: 12345
-
----
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: csi-rbdplugin-attacher
-spec:
-  serviceName: "csi-rbdplugin-attacher"
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: csi-rbdplugin-attacher
-    spec:
-      serviceAccount: rbd-csi-attacher
-      containers:
-        - name: csi-rbdplugin-attacher
-          image: quay.io/k8scsi/csi-attacher:v1.0.1
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: unix:///csi/csi-attacher.sock
-          imagePullPolicy: "IfNotPresent"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: /var/lib/kubelet/plugins/rbd.csi.ceph.com
-            type: DirectoryOrCreate

deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml

@@ -54,6 +54,18 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
+        - name: csi-attacher
+          image: quay.io/k8scsi/csi-attacher:v1.0.1
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /csi/csi-provisioner.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
         - name: csi-rbdplugin
           securityContext:
             privileged: true

docs/deploy-cephfs.md

@@ -90,7 +90,6 @@ YAML manifests are located in `deploy/cephfs/kubernetes`.
 **Deploy RBACs for sidecar containers and node plugins:**
 
 ```bash
-kubectl create -f csi-attacher-rbac.yaml
 kubectl create -f csi-provisioner-rbac.yaml
 kubectl create -f csi-nodeplugin-rbac.yaml
 ```
@@ -102,12 +101,11 @@ the same permissions.
 **Deploy CSI sidecar containers:**
 
 ```bash
-kubectl create -f csi-cephfsplugin-attacher.yaml
 kubectl create -f csi-cephfsplugin-provisioner.yaml
 ```
 
-Deploys stateful sets for external-attacher and external-provisioner
+Deploys stateful set of provision which includes external-provisioner
-sidecar containers for CSI CephFS.
+,external-attacher for CSI CephFS.
 
 **Deploy CSI CephFS driver:**
 
@@ -115,7 +113,7 @@ sidecar containers for CSI CephFS.
 kubectl create -f csi-cephfsplugin.yaml
 ```
 
-Deploys a daemon set with two containers: CSI driver-registrar and
+Deploys a daemon set with two containers: CSI node-driver-registrar and
 the CSI CephFS driver.
 
 ## Verifying the deployment in Kubernetes
@@ -125,14 +123,11 @@ After successfully completing the steps above, you should see output similar to
 ```bash
 $ kubectl get all
 NAME                                 READY     STATUS    RESTARTS   AGE
-pod/csi-cephfsplugin-attacher-0      1/1       Running   0          26s
+pod/csi-cephfsplugin-provisioner-0   3/3       Running   0          25s
-pod/csi-cephfsplugin-provisioner-0   1/1       Running   0          25s
 pod/csi-cephfsplugin-rljcv           2/2       Running   0          24s
 
 NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
-service/csi-cephfsplugin-attacher      ClusterIP   10.104.116.218   <none>        12345/TCP   27s
 service/csi-cephfsplugin-provisioner   ClusterIP   10.101.78.75     <none>        12345/TCP   26s
-
 ...
 ```
 

docs/deploy-rbd.md

@@ -93,7 +93,6 @@ YAML manifests are located in `deploy/rbd/kubernetes`.
 **Deploy RBACs for sidecar containers and node plugins:**
 
 ```bash
-kubectl create -f csi-attacher-rbac.yaml
 kubectl create -f csi-provisioner-rbac.yaml
 kubectl create -f csi-nodeplugin-rbac.yaml
 ```
@@ -105,12 +104,11 @@ the same permissions.
 **Deploy CSI sidecar containers:**
 
 ```bash
-kubectl create -f csi-rbdplugin-attacher.yaml
 kubectl create -f csi-rbdplugin-provisioner.yaml
 ```
 
-Deploys stateful sets for external-attacher and external-provisioner
+Deploys stateful set of provision which includes external-provisioner
-sidecar containers for CSI RBD.
+,external-attacher,csi-snapshotter sidecar containers and CSI RBD plugin.
 
 **Deploy RBD CSI driver:**
 
@@ -118,7 +116,8 @@ sidecar containers for CSI RBD.
 kubectl create -f csi-rbdplugin.yaml
 ```
 
-Deploys a daemon set with two containers: CSI driver-registrar and the CSI RBD driver.
+Deploys a daemon set with two containers: CSI node-driver-registrar and the CSI
+RBD driver.
 
 ## Verifying the deployment in Kubernetes
 
@@ -127,14 +126,11 @@ After successfully completing the steps above, you should see output similar to
 ```bash
 $ kubectl get all
 NAME                              READY     STATUS    RESTARTS   AGE
-pod/csi-rbdplugin-attacher-0      1/1       Running   0          23s
 pod/csi-rbdplugin-fptqr           2/2       Running   0          21s
-pod/csi-rbdplugin-provisioner-0   1/1       Running   0          22s
+pod/csi-rbdplugin-provisioner-0   4/4       Running   0          22s
 
 NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)     AGE
-service/csi-rbdplugin-attacher      ClusterIP   10.109.15.54   <none>        12345/TCP   26s
 service/csi-rbdplugin-provisioner   ClusterIP   10.104.2.130   <none>        12345/TCP   23s
-
 ...
 ```
 

examples/cephfs/plugin-deploy.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac csi-cephfsplugin-attacher csi-cephfsplugin-provisioner csi-cephfsplugin)
+objects=(csi-provisioner-rbac csi-nodeplugin-rbac csi-cephfsplugin-provisioner csi-cephfsplugin)
 
 for obj in "${objects[@]}"; do
 	kubectl create -f "./$obj.yaml"

examples/cephfs/plugin-teardown.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-cephfsplugin-attacher csi-cephfsplugin-provisioner csi-cephfsplugin csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac)
+objects=(csi-cephfsplugin-provisioner csi-cephfsplugin csi-provisioner-rbac csi-nodeplugin-rbac)
 
 for obj in "${objects[@]}"; do
 	kubectl delete -f "./$obj.yaml"

examples/rbd/plugin-deploy.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac csi-rbdplugin-attacher csi-rbdplugin-provisioner csi-rbdplugin)
+objects=(csi-provisioner-rbac csi-nodeplugin-rbac csi-rbdplugin-provisioner csi-rbdplugin)
 
 for obj in "${objects[@]}"; do
 	kubectl create -f "./$obj.yaml"

examples/rbd/plugin-teardown.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-rbdplugin-attacher csi-rbdplugin-provisioner csi-rbdplugin csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac)
+objects=(csi-rbdplugin-provisioner csi-rbdplugin csi-provisioner-rbac csi-nodeplugin-rbac)
 
 for obj in "${objects[@]}"; do
 	kubectl delete -f "./$obj.yaml"

pkg/cephfs/cephconf.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/cephuser.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/controllerserver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/credentials.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/driver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/identityserver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/nodeserver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/util.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/volume.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/volumemounter.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/cephfs/volumeoptions.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/rbd/controllerserver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -364,16 +364,6 @@ func (cs *ControllerServer) ValidateVolumeCapabilities(ctx context.Context, req
 	}, nil
 }
 
-// ControllerUnpublishVolume returns success response
-func (cs *ControllerServer) ControllerUnpublishVolume(ctx context.Context, req *csi.ControllerUnpublishVolumeRequest) (*csi.ControllerUnpublishVolumeResponse, error) {
-	return &csi.ControllerUnpublishVolumeResponse{}, nil
-}
-
-// ControllerPublishVolume returns success response
-func (cs *ControllerServer) ControllerPublishVolume(ctx context.Context, req *csi.ControllerPublishVolumeRequest) (*csi.ControllerPublishVolumeResponse, error) {
-	return &csi.ControllerPublishVolumeResponse{}, nil
-}
-
 // CreateSnapshot creates the snapshot in backend and stores metadata
 // in store
 // nolint: gocyclo

pkg/rbd/identityserver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/rbd/nodeserver.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/rbd/rbd.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -106,7 +106,6 @@ func (r *Driver) Run(driverName, nodeID, endpoint, configRoot string, containeri
 	}
 	r.cd.AddControllerServiceCapabilities([]csi.ControllerServiceCapability_RPC_Type{
 		csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME,
-		csi.ControllerServiceCapability_RPC_PUBLISH_UNPUBLISH_VOLUME,
 		csi.ControllerServiceCapability_RPC_LIST_VOLUMES,
 		csi.ControllerServiceCapability_RPC_CREATE_DELETE_SNAPSHOT,
 		csi.ControllerServiceCapability_RPC_LIST_SNAPSHOTS,

pkg/rbd/rbd_attach.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/rbd/rbd_util.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/util/cachepersister.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/util/k8scmcache.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/util/nodecache.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2018 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/util/stripsecrets.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2019 The Kubernetes Authors.
+Copyright 2019 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

pkg/util/util.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2019 The Kubernetes Authors.
+Copyright 2019 The Ceph-CSI Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.