mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-23 21:40:20 +00:00
deploy: update csi-snapshotter sidecar to v5.0.1
This release of snapshotter has a breaking change as mentioned in the release note: Refer# [1]: https://github.com/kubernetes-csi/external-snapshotter/releases/tag/v5.0.0 RBAC rules are also updated with this commit. Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
693aabbe1e
commit
de2489ed7d
@ -27,7 +27,7 @@ GOLANGCI_VERSION=v1.43.0
|
||||
|
||||
# external snapshotter version
|
||||
# Refer: https://github.com/kubernetes-csi/external-snapshotter/releases
|
||||
SNAPSHOT_VERSION=v4.0.0
|
||||
SNAPSHOT_VERSION=v5.0.1
|
||||
|
||||
# "go test" configuration
|
||||
# set to stdout or html to enable coverage reporting, disabled by default
|
||||
@ -49,7 +49,7 @@ ROOK_CEPH_CLUSTER_IMAGE=quay.io/ceph/ceph:v16
|
||||
|
||||
# CSI sidecar version
|
||||
CSI_ATTACHER_VERSION=v3.4.0
|
||||
CSI_SNAPSHOTTER_VERSION=v4.2.0
|
||||
CSI_SNAPSHOTTER_VERSION=v5.0.1
|
||||
CSI_PROVISIONER_VERSION=v3.1.0
|
||||
CSI_RESIZER_VERSION=v1.4.0
|
||||
CSI_NODE_DRIVER_REGISTRAR_VERSION=v2.4.0
|
||||
|
@ -27,16 +27,19 @@ rules:
|
||||
verbs: ["list", "watch", "create", "update", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list"]
|
||||
verbs: ["get", "list", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents/status"]
|
||||
verbs: ["update"]
|
||||
verbs: ["update", "patch"]
|
||||
{{- if .Values.provisioner.attacher.enabled }}
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["volumeattachments"]
|
||||
|
@ -38,16 +38,19 @@ rules:
|
||||
{{- end }}
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list"]
|
||||
verbs: ["get", "list", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["get", "list", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents/status"]
|
||||
verbs: ["update"]
|
||||
verbs: ["update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
verbs: ["get"]
|
||||
|
@ -76,7 +76,7 @@ spec:
|
||||
- name: socket-dir
|
||||
mountPath: /csi
|
||||
- name: csi-snapshotter
|
||||
image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
|
||||
image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
|
||||
args:
|
||||
- "--csi-address=$(ADDRESS)"
|
||||
- "--v=5"
|
||||
|
@ -31,9 +31,12 @@ rules:
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["get", "list", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
@ -51,7 +54,7 @@ rules:
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents/status"]
|
||||
verbs: ["update"]
|
||||
verbs: ["update", "patch"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
@ -35,10 +35,13 @@ rules:
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list"]
|
||||
verbs: ["get", "list", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["get", "list", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
@ -53,7 +56,7 @@ rules:
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents/status"]
|
||||
verbs: ["update"]
|
||||
verbs: ["update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
verbs: ["get"]
|
||||
|
@ -67,7 +67,7 @@ spec:
|
||||
- name: socket-dir
|
||||
mountPath: /csi
|
||||
- name: csi-snapshotter
|
||||
image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
|
||||
image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
|
||||
args:
|
||||
- "--csi-address=$(ADDRESS)"
|
||||
- "--v=5"
|
||||
|
@ -33,7 +33,7 @@
|
||||
`SNAPSHOT_VERSION` variable, for example:
|
||||
|
||||
```console
|
||||
SNAPSHOT_VERSION="v4.0.0" ./scripts/install-snapshot.sh install
|
||||
SNAPSHOT_VERSION="v5.0.1" ./scripts/install-snapshot.sh install
|
||||
```
|
||||
|
||||
- In the future, you can choose to cleanup by running
|
||||
|
@ -7,7 +7,7 @@ SCRIPT_DIR="$(dirname "${0}")"
|
||||
# shellcheck source=build.env
|
||||
source "${SCRIPT_DIR}/../build.env"
|
||||
|
||||
SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v4.0.0"}
|
||||
SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v5.0.1"}
|
||||
|
||||
TEMP_DIR="$(mktemp -d)"
|
||||
SNAPSHOTTER_URL="https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${SNAPSHOT_VERSION}"
|
||||
@ -24,7 +24,7 @@ VOLUME_SNAPSHOT="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_vo
|
||||
function install_snapshot_controller() {
|
||||
local namespace=$1
|
||||
if [ -z "${namespace}" ]; then
|
||||
namespace="default"
|
||||
namespace="kube-system"
|
||||
fi
|
||||
|
||||
create_or_delete_resource "create" ${namespace}
|
||||
@ -51,7 +51,7 @@ function install_snapshot_controller() {
|
||||
function cleanup_snapshot_controller() {
|
||||
local namespace=$1
|
||||
if [ -z "${namespace}" ]; then
|
||||
namespace="default"
|
||||
namespace="kube-system"
|
||||
fi
|
||||
create_or_delete_resource "delete" ${namespace}
|
||||
}
|
||||
@ -65,8 +65,9 @@ function create_or_delete_resource() {
|
||||
mkdir -p "${TEMP_DIR}"
|
||||
curl -o "${temp_rbac}" "${SNAPSHOT_RBAC}"
|
||||
curl -o "${temp_snap_controller}" "${SNAPSHOT_CONTROLLER}"
|
||||
sed -i "s/namespace: default/namespace: ${namespace}/g" "${temp_rbac}"
|
||||
sed -i "s/namespace: default/namespace: ${namespace}/g" "${snapshotter_psp}"
|
||||
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_rbac}"
|
||||
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_snap_controller}"
|
||||
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${snapshotter_psp}"
|
||||
sed -i "s/canary/${SNAPSHOT_VERSION}/g" "${temp_snap_controller}"
|
||||
|
||||
kubectl "${operation}" -f "${temp_rbac}"
|
||||
|
@ -3,6 +3,7 @@ apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: csi-snapshotter-psp
|
||||
namespace: kube-system
|
||||
spec:
|
||||
allowPrivilegeEscalation: true
|
||||
allowedCapabilities:
|
||||
@ -28,8 +29,8 @@ kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-snapshotter-psp
|
||||
# replace with non-default namespace name
|
||||
namespace: default
|
||||
# replace with non-kube-system namespace name
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups: ["policy"]
|
||||
resources: ["podsecuritypolicies"]
|
||||
@ -41,13 +42,13 @@ kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-snapshotter-psp
|
||||
# replace with non-default namespace name
|
||||
namespace: default
|
||||
# replace with non-kube-system namespace name
|
||||
namespace: kube-system
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
# replace with non-default namespace name
|
||||
namespace: default
|
||||
# replace with non-kube-system namespace name
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: csi-snapshotter-psp
|
||||
|
Loading…
Reference in New Issue
Block a user