Merge pull request #290 from Madhu-1/fix-att

Deploy csi-attacher as sidecar container in provisioner statefulset

deploy/cephfs/helm/Chart.yaml

@@ -4,7 +4,7 @@ appVersion: "1.0.0"
 description: "Container Storage Interface (CSI) driver,
 provisioner, and attacher for Ceph cephfs"
 name: ceph-csi-cephfs
-version: 0.5.1
+version: 0.5.2
 keywords:
   - ceph
   - cephfs

deploy/cephfs/helm/templates/_helpers.tpl

@@ -24,24 +24,6 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ceph-csi-cephfs.attacher.fullname" -}}
-{{- if .Values.attacher.fullnameOverride -}}
-{{- .Values.attacher.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- printf "%s-%s" .Release.Name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s-%s" .Release.Name $name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -85,17 +67,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "ceph-csi-cephfs.serviceAccountName.attacher" -}}
-{{- if .Values.serviceAccounts.attacher.create -}}
-    {{ default (include "ceph-csi-cephfs.attacher.fullname" .) .Values.serviceAccounts.attacher.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccounts.attacher.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create the name of the service account to use
 */}}

deploy/cephfs/helm/templates/attacher-clusterrole.yaml

@@ -1,28 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-rules:
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
-{{- end -}}

deploy/cephfs/helm/templates/attacher-clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end -}}

deploy/cephfs/helm/templates/attacher-service.yaml

@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-  ports:
-    - name: dummy
-      port: 12345

deploy/cephfs/helm/templates/attacher-serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccounts.attacher.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- end -}}

deploy/cephfs/helm/templates/attacher-statefulset.yaml

@@ -1,60 +0,0 @@
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-cephfs.name" . }}
-    chart: {{ include "ceph-csi-cephfs.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
-  replicas: {{ .Values.attacher.replicas }}
-  selector:
-    matchLabels:
-      app: {{ include "ceph-csi-cephfs.name" . }}
-      component: {{ .Values.attacher.name }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "ceph-csi-cephfs.name" . }}
-        chart: {{ include "ceph-csi-cephfs.chart" . }}
-        component: {{ .Values.attacher.name }}
-        release: {{ .Release.Name }}
-        heritage: {{ .Release.Service }}
-    spec:
-      serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
-      containers:
-        - name: csi-cephfsplugin-attacher
-          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
-          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
-          volumeMounts:
-            - name: socket-dir
-              mountPath: {{ .Values.socketDir }}
-          resources:
-{{ toYaml .Values.attacher.resources | indent 12 }}
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: {{ .Values.socketDir }}
-            type: DirectoryOrCreate
-    {{- if .Values.attacher.affinity -}}
-      affinity:
-{{ toYaml .Values.attacher.affinity . | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.nodeSelector -}}
-      nodeSelector:
-{{ toYaml .Values.attacher.nodeSelector | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.tolerations -}}
-      tolerations:
-{{ toYaml .Values.attacher.tolerations | indent 8 }}
-    {{- end -}}

deploy/cephfs/helm/templates/csidriver-crd.yaml

@@ -0,0 +1,10 @@
+---
+{{ if not .Values.attacher.enabled }}
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driverName }}
+spec:
+  attachRequired: false
+  podInfoOnMount: false
+{{ end }}

deploy/cephfs/helm/templates/provisioner-clusterrole.yaml

@@ -28,10 +28,12 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "list", "create", "delete"]
   - apiGroups: ["csi.storage.k8s.io"]
     resources: ["csinodeinfos"]
     verbs: ["get", "list", "watch"]
+  {{ if .Values.attacher.enabled }}
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+  {{ end }}
 {{- end -}}

deploy/cephfs/helm/templates/provisioner-statefulset.yaml

@@ -41,6 +41,20 @@ spec:
               mountPath: {{ .Values.socketDir }}
           resources:
 {{ toYaml .Values.provisioner.resources | indent 12 }}
+        {{ if .Values.attacher.enabled }}
+        - name: csi-attacher
+          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.socketDir }}
+        {{ end }}
         - name: csi-cephfsplugin
           securityContext:
             privileged: true
@@ -79,7 +93,7 @@ spec:
 #FIXME this seems way too much. Why is it needed at all for this?
         - name: host-rootfs
           hostPath:
-            path: /            
+            path: /
     {{- if .Values.provisioner.affinity -}}
       affinity:
 {{ toYaml .Values.provisioner.affinity . | indent 8 }}

deploy/cephfs/helm/values.yaml

@@ -20,7 +20,7 @@ volumeDevicesDir: /var/lib/kubelet/plugins/kubernetes.io/csi/volumeDevices
 driverName: cephfs.csi.ceph.com
 attacher:
   name: attacher
-
+  enabled: true
   replicaCount: 1
 
   image:

deploy/cephfs/kubernetes/csi-attacher-rbac.yaml

@@ -1,38 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cephfs-csi-attacher
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-external-attacher-runner
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-csi-attacher-role
-subjects:
-  - kind: ServiceAccount
-    name: cephfs-csi-attacher
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: cephfs-external-attacher-runner
-  apiGroup: rbac.authorization.k8s.io

deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml

@@ -1,46 +0,0 @@
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: csi-cephfsplugin-attacher
-  labels:
-    app: csi-cephfsplugin-attacher
-spec:
-  selector:
-    app: csi-cephfsplugin-attacher
-  ports:
-    - name: dummy
-      port: 12345
-
----
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: csi-cephfsplugin-attacher
-spec:
-  serviceName: "csi-cephfsplugin-attacher"
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: csi-cephfsplugin-attacher
-    spec:
-      serviceAccount: cephfs-csi-attacher
-      containers:
-        - name: csi-cephfsplugin-attacher
-          image: quay.io/k8scsi/csi-attacher:v1.0.1
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: /var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock
-          imagePullPolicy: "IfNotPresent"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /var/lib/kubelet/plugins/cephfs.csi.ceph.com
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: /var/lib/kubelet/plugins/cephfs.csi.ceph.com
-            type: DirectoryOrCreate

deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml

@@ -39,6 +39,18 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
+        - name: csi-cephfsplugin-attacher
+          image: quay.io/k8scsi/csi-attacher:v1.0.1
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /csi/csi-provisioner.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
         - name: csi-cephfsplugin
           securityContext:
             privileged: true

deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml

@@ -31,6 +31,9 @@ rules:
   - apiGroups: ["csi.storage.k8s.io"]
     resources: ["csinodeinfos"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
 
 ---
 kind: ClusterRoleBinding

deploy/rbd/helm/Chart.yaml

@@ -4,7 +4,7 @@ appVersion: "1.0.0"
 description: "Container Storage Interface (CSI) driver,
 provisioner, snapshotter, and attacher for Ceph RBD"
 name: ceph-csi-rbd
-version: 0.5.1
+version: 0.5.2
 keywords:
   - ceph
   - rbd

deploy/rbd/helm/templates/_helpers.tpl

@@ -24,24 +24,6 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ceph-csi-rbd.attacher.fullname" -}}
-{{- if .Values.attacher.fullnameOverride -}}
-{{- .Values.attacher.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- printf "%s-%s" .Release.Name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s-%s" .Release.Name $name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -85,17 +67,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "ceph-csi-rbd.serviceAccountName.attacher" -}}
-{{- if .Values.serviceAccounts.attacher.create -}}
-    {{ default (include "ceph-csi-rbd.attacher.fullname" .) .Values.serviceAccounts.attacher.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccounts.attacher.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create the name of the service account to use
 */}}

deploy/rbd/helm/templates/attacher-clusterrole.yaml

@@ -1,28 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-rules:
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
-{{- end -}}

deploy/rbd/helm/templates/attacher-clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "ceph-csi-rbd.serviceAccountName.attacher" . }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end -}}

deploy/rbd/helm/templates/attacher-service.yaml

@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  selector:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-  ports:
-    - name: dummy
-      port: 12345

deploy/rbd/helm/templates/attacher-serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccounts.attacher.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "ceph-csi-rbd.serviceAccountName.attacher" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- end -}}

deploy/rbd/helm/templates/attacher-statefulset.yaml

@@ -1,60 +0,0 @@
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  labels:
-    app: {{ include "ceph-csi-rbd.name" . }}
-    chart: {{ include "ceph-csi-rbd.chart" . }}
-    component: {{ .Values.attacher.name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  serviceName: {{ include "ceph-csi-rbd.attacher.fullname" . }}
-  replicas: {{ .Values.attacher.replicas }}
-  selector:
-    matchLabels:
-      app: {{ include "ceph-csi-rbd.name" . }}
-      component: {{ .Values.attacher.name }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "ceph-csi-rbd.name" . }}
-        chart: {{ include "ceph-csi-rbd.chart" . }}
-        component: {{ .Values.attacher.name }}
-        release: {{ .Release.Name }}
-        heritage: {{ .Release.Service }}
-    spec:
-      serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.attacher" . }}
-      containers:
-        - name: csi-rbdplugin-attacher
-          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
-          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
-          volumeMounts:
-            - name: socket-dir
-              mountPath: {{ .Values.socketDir }}
-          resources:
-{{ toYaml .Values.attacher.resources | indent 12 }}
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: {{ .Values.socketDir }}
-            type: DirectoryOrCreate
-    {{- if .Values.attacher.affinity -}}
-      affinity:
-{{ toYaml .Values.attacher.affinity . | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.nodeSelector -}}
-      nodeSelector:
-{{ toYaml .Values.attacher.nodeSelector | indent 8 }}
-    {{- end -}}
-    {{- if .Values.attacher.tolerations -}}
-      tolerations:
-{{ toYaml .Values.attacher.tolerations | indent 8 }}
-    {{- end -}}

deploy/rbd/helm/templates/csidriver-crd.yaml

@@ -0,0 +1,10 @@
+---
+{{ if not .Values.attacher.enabled }}
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driverName }}
+spec:
+  attachRequired: false
+  podInfoOnMount: false
+{{ end }}

deploy/rbd/helm/templates/provisioner-clusterrole.yaml

@@ -34,9 +34,11 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
     verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "list", "create", "delete"]
+  {{ if .Values.attacher.enabled }}
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+  {{ end }}
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotcontents"]
     verbs: ["create", "get", "list", "watch", "update", "delete"]

deploy/rbd/helm/templates/provisioner-statefulset.yaml

@@ -58,6 +58,20 @@ spec:
               mountPath: {{ .Values.socketDir }}
           resources:
 {{ toYaml .Values.snapshotter.resources | indent 12 }}
+        {{ if .Values.attacher.enabled }}
+        - name: csi-attacher
+          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+          imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.socketDir }}
+        {{ end }}
         - name: csi-rbdplugin
           securityContext:
             privileged: true
@@ -97,7 +111,7 @@ spec:
 #FIXME this seems way too much. Why is it needed at all for this?
         - name: host-rootfs
           hostPath:
-            path: /            
+            path: /
     {{- if .Values.provisioner.affinity -}}
       affinity:
 {{ toYaml .Values.provisioner.affinity . | indent 8 }}

deploy/rbd/helm/values.yaml

@@ -21,7 +21,7 @@ driverName: rbd.csi.ceph.com
 
 attacher:
   name: attacher
-
+  enabled: true
   replicaCount: 1
 
   image:

deploy/rbd/kubernetes/csi-attacher-rbac.yaml

@@ -1,38 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: rbd-csi-attacher
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-external-attacher-runner
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-csi-attacher-role
-subjects:
-  - kind: ServiceAccount
-    name: rbd-csi-attacher
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: rbd-external-attacher-runner
-  apiGroup: rbac.authorization.k8s.io

deploy/rbd/kubernetes/csi-provisioner-rbac.yaml

@@ -43,6 +43,9 @@ rules:
   - apiGroups: ["csi.storage.k8s.io"]
     resources: ["csinodeinfos"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
 
 ---
 kind: ClusterRoleBinding

deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml

@@ -1,46 +0,0 @@
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: csi-rbdplugin-attacher
-  labels:
-    app: csi-rbdplugin-attacher
-spec:
-  selector:
-    app: csi-rbdplugin-attacher
-  ports:
-    - name: dummy
-      port: 12345
-
----
-kind: StatefulSet
-apiVersion: apps/v1beta1
-metadata:
-  name: csi-rbdplugin-attacher
-spec:
-  serviceName: "csi-rbdplugin-attacher"
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: csi-rbdplugin-attacher
-    spec:
-      serviceAccount: rbd-csi-attacher
-      containers:
-        - name: csi-rbdplugin-attacher
-          image: quay.io/k8scsi/csi-attacher:v1.0.1
-          args:
-            - "--v=5"
-            - "--csi-address=$(ADDRESS)"
-          env:
-            - name: ADDRESS
-              value: unix:///csi/csi-attacher.sock
-          imagePullPolicy: "IfNotPresent"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-      volumes:
-        - name: socket-dir
-          hostPath:
-            path: /var/lib/kubelet/plugins/rbd.csi.ceph.com
-            type: DirectoryOrCreate

deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml

@@ -54,6 +54,18 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
+        - name: csi-attacher
+          image: quay.io/k8scsi/csi-attacher:v1.0.1
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /csi/csi-provisioner.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
         - name: csi-rbdplugin
           securityContext:
             privileged: true

docs/deploy-cephfs.md

@@ -90,7 +90,6 @@ YAML manifests are located in `deploy/cephfs/kubernetes`.
 **Deploy RBACs for sidecar containers and node plugins:**
 
 ```bash
-kubectl create -f csi-attacher-rbac.yaml
 kubectl create -f csi-provisioner-rbac.yaml
 kubectl create -f csi-nodeplugin-rbac.yaml
 ```
@@ -102,12 +101,11 @@ the same permissions.
 **Deploy CSI sidecar containers:**
 
 ```bash
-kubectl create -f csi-cephfsplugin-attacher.yaml
 kubectl create -f csi-cephfsplugin-provisioner.yaml
 ```
 
-Deploys stateful sets for external-attacher and external-provisioner
-sidecar containers for CSI CephFS.
+Deploys stateful set of provision which includes external-provisioner
+,external-attacher for CSI CephFS.
 
 **Deploy CSI CephFS driver:**
 
@@ -115,7 +113,7 @@ sidecar containers for CSI CephFS.
 kubectl create -f csi-cephfsplugin.yaml
 ```
 
-Deploys a daemon set with two containers: CSI driver-registrar and
+Deploys a daemon set with two containers: CSI node-driver-registrar and
 the CSI CephFS driver.
 
 ## Verifying the deployment in Kubernetes
@@ -125,14 +123,11 @@ After successfully completing the steps above, you should see output similar to
 ```bash
 $ kubectl get all
 NAME                                 READY     STATUS    RESTARTS   AGE
-pod/csi-cephfsplugin-attacher-0      1/1       Running   0          26s
-pod/csi-cephfsplugin-provisioner-0   1/1       Running   0          25s
+pod/csi-cephfsplugin-provisioner-0   3/3       Running   0          25s
 pod/csi-cephfsplugin-rljcv           2/2       Running   0          24s
 
 NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
-service/csi-cephfsplugin-attacher      ClusterIP   10.104.116.218   <none>        12345/TCP   27s
 service/csi-cephfsplugin-provisioner   ClusterIP   10.101.78.75     <none>        12345/TCP   26s
-
 ...
 ```
 

docs/deploy-rbd.md

@@ -93,7 +93,6 @@ YAML manifests are located in `deploy/rbd/kubernetes`.
 **Deploy RBACs for sidecar containers and node plugins:**
 
 ```bash
-kubectl create -f csi-attacher-rbac.yaml
 kubectl create -f csi-provisioner-rbac.yaml
 kubectl create -f csi-nodeplugin-rbac.yaml
 ```
@@ -105,12 +104,11 @@ the same permissions.
 **Deploy CSI sidecar containers:**
 
 ```bash
-kubectl create -f csi-rbdplugin-attacher.yaml
 kubectl create -f csi-rbdplugin-provisioner.yaml
 ```
 
-Deploys stateful sets for external-attacher and external-provisioner
-sidecar containers for CSI RBD.
+Deploys stateful set of provision which includes external-provisioner
+,external-attacher,csi-snapshotter sidecar containers and CSI RBD plugin.
 
 **Deploy RBD CSI driver:**
 
@@ -118,7 +116,8 @@ sidecar containers for CSI RBD.
 kubectl create -f csi-rbdplugin.yaml
 ```
 
-Deploys a daemon set with two containers: CSI driver-registrar and the CSI RBD driver.
+Deploys a daemon set with two containers: CSI node-driver-registrar and the CSI
+RBD driver.
 
 ## Verifying the deployment in Kubernetes
 
@@ -127,14 +126,11 @@ After successfully completing the steps above, you should see output similar to
 ```bash
 $ kubectl get all
 NAME                              READY     STATUS    RESTARTS   AGE
-pod/csi-rbdplugin-attacher-0      1/1       Running   0          23s
 pod/csi-rbdplugin-fptqr           2/2       Running   0          21s
-pod/csi-rbdplugin-provisioner-0   1/1       Running   0          22s
+pod/csi-rbdplugin-provisioner-0   4/4       Running   0          22s
 
 NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)     AGE
-service/csi-rbdplugin-attacher      ClusterIP   10.109.15.54   <none>        12345/TCP   26s
 service/csi-rbdplugin-provisioner   ClusterIP   10.104.2.130   <none>        12345/TCP   23s
-
 ...
 ```
 

examples/cephfs/plugin-deploy.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac csi-cephfsplugin-attacher csi-cephfsplugin-provisioner csi-cephfsplugin)
+objects=(csi-provisioner-rbac csi-nodeplugin-rbac csi-cephfsplugin-provisioner csi-cephfsplugin)
 
 for obj in "${objects[@]}"; do
 	kubectl create -f "./$obj.yaml"

examples/cephfs/plugin-teardown.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-cephfsplugin-attacher csi-cephfsplugin-provisioner csi-cephfsplugin csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac)
+objects=(csi-cephfsplugin-provisioner csi-cephfsplugin csi-provisioner-rbac csi-nodeplugin-rbac)
 
 for obj in "${objects[@]}"; do
 	kubectl delete -f "./$obj.yaml"

examples/rbd/plugin-deploy.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac csi-rbdplugin-attacher csi-rbdplugin-provisioner csi-rbdplugin)
+objects=(csi-provisioner-rbac csi-nodeplugin-rbac csi-rbdplugin-provisioner csi-rbdplugin)
 
 for obj in "${objects[@]}"; do
 	kubectl create -f "./$obj.yaml"

examples/rbd/plugin-teardown.sh

@@ -8,7 +8,7 @@ fi
 
 cd "$deployment_base" || exit 1
 
-objects=(csi-rbdplugin-attacher csi-rbdplugin-provisioner csi-rbdplugin csi-attacher-rbac csi-provisioner-rbac csi-nodeplugin-rbac)
+objects=(csi-rbdplugin-provisioner csi-rbdplugin csi-provisioner-rbac csi-nodeplugin-rbac)
 
 for obj in "${objects[@]}"; do
 	kubectl delete -f "./$obj.yaml"

pkg/rbd/controllerserver.go

@@ -364,16 +364,6 @@ func (cs *ControllerServer) ValidateVolumeCapabilities(ctx context.Context, req
 	}, nil
 }
 
-// ControllerUnpublishVolume returns success response
-func (cs *ControllerServer) ControllerUnpublishVolume(ctx context.Context, req *csi.ControllerUnpublishVolumeRequest) (*csi.ControllerUnpublishVolumeResponse, error) {
-	return &csi.ControllerUnpublishVolumeResponse{}, nil
-}
-
-// ControllerPublishVolume returns success response
-func (cs *ControllerServer) ControllerPublishVolume(ctx context.Context, req *csi.ControllerPublishVolumeRequest) (*csi.ControllerPublishVolumeResponse, error) {
-	return &csi.ControllerPublishVolumeResponse{}, nil
-}
-
 // CreateSnapshot creates the snapshot in backend and stores metadata
 // in store
 // nolint: gocyclo

pkg/rbd/rbd.go

@@ -106,7 +106,6 @@ func (r *Driver) Run(driverName, nodeID, endpoint, configRoot string, containeri
 	}
 	r.cd.AddControllerServiceCapabilities([]csi.ControllerServiceCapability_RPC_Type{
 		csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME,
-		csi.ControllerServiceCapability_RPC_PUBLISH_UNPUBLISH_VOLUME,
 		csi.ControllerServiceCapability_RPC_LIST_VOLUMES,
 		csi.ControllerServiceCapability_RPC_CREATE_DELETE_SNAPSHOT,
 		csi.ControllerServiceCapability_RPC_LIST_SNAPSHOTS,