deploy: update csi-snapshotter sidecar to v5.0.1

This release of snapshotter has a breaking change as mentioned in the release note: Refer# [1]: https://github.com/kubernetes-csi/external-snapshotter/releases/tag/v5.0.0 RBAC rules are also updated with this commit. Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2024-11-09 16:00:22 +00:00 · 2022-01-17 18:28:38 +05:30 · 2022-01-17 18:28:38 +05:30 · de2489ed7d
commit de2489ed7d
parent 693aabbe1e
10 changed files with 41 additions and 27 deletions
--- a/build.env
+++ b/build.env
@ -27,7 +27,7 @@ GOLANGCI_VERSION=v1.43.0

 # external snapshotter version
 # Refer: https://github.com/kubernetes-csi/external-snapshotter/releases
-SNAPSHOT_VERSION=v4.0.0
+SNAPSHOT_VERSION=v5.0.1

 # "go test" configuration
 # set to stdout or html to enable coverage reporting, disabled by default
@ -49,7 +49,7 @@ ROOK_CEPH_CLUSTER_IMAGE=quay.io/ceph/ceph:v16

 # CSI sidecar version
 CSI_ATTACHER_VERSION=v3.4.0
-CSI_SNAPSHOTTER_VERSION=v4.2.0
+CSI_SNAPSHOTTER_VERSION=v5.0.1
 CSI_PROVISIONER_VERSION=v3.1.0
 CSI_RESIZER_VERSION=v1.4.0
 CSI_NODE_DRIVER_REGISTRAR_VERSION=v2.4.0
--- a/charts/ceph-csi-cephfs/templates/provisioner-clusterrole.yaml
+++ b/charts/ceph-csi-cephfs/templates/provisioner-clusterrole.yaml
@ -27,16 +27,19 @@ rules:
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
-    verbs: ["create", "get", "list", "watch", "update", "delete"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
-    verbs: ["update"]
+    verbs: ["update", "patch"]
 {{- if .Values.provisioner.attacher.enabled }}
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
--- a/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
@ -38,16 +38,19 @@ rules:
 {{- end }}
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["get", "list", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
-    verbs: ["create", "get", "list", "watch", "update", "delete"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
-    verbs: ["update"]
+    verbs: ["update", "patch"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
--- a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml
+++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml
@ -76,7 +76,7 @@ spec:
            - name: socket-dir
              mountPath: /csi
        - name: csi-snapshotter
-          image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
+          image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
--- a/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml
+++ b/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml
@ -31,9 +31,12 @@ rules:
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["get", "list", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
-    verbs: ["create", "get", "list", "watch", "update", "delete"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
@ -51,7 +54,7 @@ rules:
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
-    verbs: ["update"]
+    verbs: ["update", "patch"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
--- a/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
+++ b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
@ -35,10 +35,13 @@ rules:
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["get", "list", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
-    verbs: ["create", "get", "list", "watch", "update", "delete"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
@ -53,7 +56,7 @@ rules:
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
-    verbs: ["update"]
+    verbs: ["update", "patch"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
--- a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
+++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
@ -67,7 +67,7 @@ spec:
            - name: socket-dir
              mountPath: /csi
        - name: csi-snapshotter
-          image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
+          image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
--- a/docs/snap-clone.md
+++ b/docs/snap-clone.md
@ -33,7 +33,7 @@
    `SNAPSHOT_VERSION` variable, for example:

    ```console
-    SNAPSHOT_VERSION="v4.0.0" ./scripts/install-snapshot.sh install
+    SNAPSHOT_VERSION="v5.0.1" ./scripts/install-snapshot.sh install
    ```

  - In the future, you can choose to cleanup by running
--- a/scripts/install-snapshot.sh
+++ b/scripts/install-snapshot.sh
@ -7,7 +7,7 @@ SCRIPT_DIR="$(dirname "${0}")"
 # shellcheck source=build.env
 source "${SCRIPT_DIR}/../build.env"

-SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v4.0.0"}
+SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v5.0.1"}

 TEMP_DIR="$(mktemp -d)"
 SNAPSHOTTER_URL="https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${SNAPSHOT_VERSION}"
@ -24,7 +24,7 @@ VOLUME_SNAPSHOT="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_vo
 function install_snapshot_controller() {
    local namespace=$1
    if [ -z "${namespace}" ]; then
-        namespace="default"
+        namespace="kube-system"
    fi

    create_or_delete_resource "create" ${namespace}
@ -51,7 +51,7 @@ function install_snapshot_controller() {
 function cleanup_snapshot_controller() {
    local namespace=$1
    if [ -z "${namespace}" ]; then
-        namespace="default"
+        namespace="kube-system"
    fi
    create_or_delete_resource "delete" ${namespace}
 }
@ -65,8 +65,9 @@ function create_or_delete_resource() {
    mkdir -p "${TEMP_DIR}"
    curl -o "${temp_rbac}" "${SNAPSHOT_RBAC}"
    curl -o "${temp_snap_controller}" "${SNAPSHOT_CONTROLLER}"
-    sed -i "s/namespace: default/namespace: ${namespace}/g" "${temp_rbac}"
-    sed -i "s/namespace: default/namespace: ${namespace}/g" "${snapshotter_psp}"
+    sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_rbac}"
+    sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_snap_controller}"
+    sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${snapshotter_psp}"
    sed -i "s/canary/${SNAPSHOT_VERSION}/g" "${temp_snap_controller}"

    kubectl "${operation}" -f "${temp_rbac}"
--- a/scripts/snapshot-controller-psp.yaml
+++ b/scripts/snapshot-controller-psp.yaml
@ -3,6 +3,7 @@ apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: csi-snapshotter-psp
+  namespace: kube-system
 spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
@ -28,8 +29,8 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: csi-snapshotter-psp
-  # replace with non-default namespace name
-  namespace: default
+  # replace with non-kube-system namespace name
+  namespace: kube-system
 rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
@ -41,13 +42,13 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: csi-snapshotter-psp
-  # replace with non-default namespace name
-  namespace: default
+  # replace with non-kube-system namespace name
+  namespace: kube-system
 subjects:
  - kind: ServiceAccount
    name: snapshot-controller
-    # replace with non-default namespace name
-    namespace: default
+    # replace with non-kube-system namespace name
+    namespace: kube-system
 roleRef:
  kind: Role
  name: csi-snapshotter-psp