deploy: update csi-snapshotter sidecar to v5.0.1

This release of snapshotter has a breaking change as mentioned
in the release note:

Refer#
[1]: https://github.com/kubernetes-csi/external-snapshotter/releases/tag/v5.0.0

RBAC rules are also updated with this commit.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
Humble Chirammal 2022-01-17 18:28:38 +05:30 committed by mergify[bot]
parent 693aabbe1e
commit de2489ed7d
10 changed files with 41 additions and 27 deletions

View File

@ -27,7 +27,7 @@ GOLANGCI_VERSION=v1.43.0
# external snapshotter version
# Refer: https://github.com/kubernetes-csi/external-snapshotter/releases
SNAPSHOT_VERSION=v4.0.0
SNAPSHOT_VERSION=v5.0.1
# "go test" configuration
# set to stdout or html to enable coverage reporting, disabled by default
@ -49,7 +49,7 @@ ROOK_CEPH_CLUSTER_IMAGE=quay.io/ceph/ceph:v16
# CSI sidecar version
CSI_ATTACHER_VERSION=v3.4.0
CSI_SNAPSHOTTER_VERSION=v4.2.0
CSI_SNAPSHOTTER_VERSION=v5.0.1
CSI_PROVISIONER_VERSION=v3.1.0
CSI_RESIZER_VERSION=v1.4.0
CSI_NODE_DRIVER_REGISTRAR_VERSION=v2.4.0

View File

@ -27,16 +27,19 @@ rules:
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
verbs: ["get", "list", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
verbs: ["update", "patch"]
{{- if .Values.provisioner.attacher.enabled }}
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]

View File

@ -38,16 +38,19 @@ rules:
{{- end }}
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
verbs: ["get", "list", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["get", "list", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]

View File

@ -76,7 +76,7 @@ spec:
- name: socket-dir
mountPath: /csi
- name: csi-snapshotter
image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"

View File

@ -31,9 +31,12 @@ rules:
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["get", "list", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
@ -51,7 +54,7 @@ rules:
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
verbs: ["update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1

View File

@ -35,10 +35,13 @@ rules:
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
verbs: ["get", "list", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["get", "list", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
@ -53,7 +56,7 @@ rules:
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]

View File

@ -67,7 +67,7 @@ spec:
- name: socket-dir
mountPath: /csi
- name: csi-snapshotter
image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"

View File

@ -33,7 +33,7 @@
`SNAPSHOT_VERSION` variable, for example:
```console
SNAPSHOT_VERSION="v4.0.0" ./scripts/install-snapshot.sh install
SNAPSHOT_VERSION="v5.0.1" ./scripts/install-snapshot.sh install
```
- In the future, you can choose to cleanup by running

View File

@ -7,7 +7,7 @@ SCRIPT_DIR="$(dirname "${0}")"
# shellcheck source=build.env
source "${SCRIPT_DIR}/../build.env"
SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v4.0.0"}
SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v5.0.1"}
TEMP_DIR="$(mktemp -d)"
SNAPSHOTTER_URL="https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${SNAPSHOT_VERSION}"
@ -24,7 +24,7 @@ VOLUME_SNAPSHOT="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_vo
function install_snapshot_controller() {
local namespace=$1
if [ -z "${namespace}" ]; then
namespace="default"
namespace="kube-system"
fi
create_or_delete_resource "create" ${namespace}
@ -51,7 +51,7 @@ function install_snapshot_controller() {
function cleanup_snapshot_controller() {
local namespace=$1
if [ -z "${namespace}" ]; then
namespace="default"
namespace="kube-system"
fi
create_or_delete_resource "delete" ${namespace}
}
@ -65,8 +65,9 @@ function create_or_delete_resource() {
mkdir -p "${TEMP_DIR}"
curl -o "${temp_rbac}" "${SNAPSHOT_RBAC}"
curl -o "${temp_snap_controller}" "${SNAPSHOT_CONTROLLER}"
sed -i "s/namespace: default/namespace: ${namespace}/g" "${temp_rbac}"
sed -i "s/namespace: default/namespace: ${namespace}/g" "${snapshotter_psp}"
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_rbac}"
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_snap_controller}"
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${snapshotter_psp}"
sed -i "s/canary/${SNAPSHOT_VERSION}/g" "${temp_snap_controller}"
kubectl "${operation}" -f "${temp_rbac}"

View File

@ -3,6 +3,7 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-snapshotter-psp
namespace: kube-system
spec:
allowPrivilegeEscalation: true
allowedCapabilities:
@ -28,8 +29,8 @@ kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-psp
# replace with non-default namespace name
namespace: default
# replace with non-kube-system namespace name
namespace: kube-system
rules:
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
@ -41,13 +42,13 @@ kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-psp
# replace with non-default namespace name
namespace: default
# replace with non-kube-system namespace name
namespace: kube-system
subjects:
- kind: ServiceAccount
name: snapshot-controller
# replace with non-default namespace name
namespace: default
# replace with non-kube-system namespace name
namespace: kube-system
roleRef:
kind: Role
name: csi-snapshotter-psp