mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 02:33:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: update csi-snapshotter sidecar to v5.0.1

Browse Source 
This release of snapshotter has a breaking change as mentioned
in the release note:

Refer#
[1]: https://github.com/kubernetes-csi/external-snapshotter/releases/tag/v5.0.0

RBAC rules are also updated with this commit.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
Humble Chirammal
2022-01-17 18:28:38 +05:30
committed by mergify[bot]
parent 693aabbe1e
commit de2489ed7d
10 changed files with 41 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/install-snapshot.sh
View File

@ -7,7 +7,7 @@ SCRIPT_DIR="$(dirname "${0}")"
# shellcheck source=build.env
source "${SCRIPT_DIR}/../build.env"
SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v4.0.0"}
SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"v5.0.1"}
TEMP_DIR="$(mktemp -d)"
SNAPSHOTTER_URL="https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${SNAPSHOT_VERSION}"
@ -24,7 +24,7 @@ VOLUME_SNAPSHOT="${SNAPSHOTTER_URL}/client/config/crd/snapshot.storage.k8s.io_vo
function install_snapshot_controller() {
local namespace=$1
if [ -z "${namespace}" ]; then
namespace="default"
namespace="kube-system"
fi
create_or_delete_resource "create" ${namespace}
@ -51,7 +51,7 @@ function install_snapshot_controller() {
function cleanup_snapshot_controller() {
local namespace=$1
if [ -z "${namespace}" ]; then
namespace="default"
namespace="kube-system"
fi
create_or_delete_resource "delete" ${namespace}
}
@ -65,8 +65,9 @@ function create_or_delete_resource() {
mkdir -p "${TEMP_DIR}"
curl -o "${temp_rbac}" "${SNAPSHOT_RBAC}"
curl -o "${temp_snap_controller}" "${SNAPSHOT_CONTROLLER}"
sed -i "s/namespace: default/namespace: ${namespace}/g" "${temp_rbac}"
sed -i "s/namespace: default/namespace: ${namespace}/g" "${snapshotter_psp}"
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_rbac}"
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${temp_snap_controller}"
sed -i "s/namespace: kube-system/namespace: ${namespace}/g" "${snapshotter_psp}"
sed -i "s/canary/${SNAPSHOT_VERSION}/g" "${temp_snap_controller}"
kubectl "${operation}" -f "${temp_rbac}"

13
scripts/snapshot-controller-psp.yaml
View File

@ -3,6 +3,7 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-snapshotter-psp
namespace: kube-system
spec:
allowPrivilegeEscalation: true
allowedCapabilities:
@ -28,8 +29,8 @@ kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-psp
# replace with non-default namespace name
namespace: default
# replace with non-kube-system namespace name
namespace: kube-system
rules:
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
@ -41,13 +42,13 @@ kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-psp
# replace with non-default namespace name
namespace: default
# replace with non-kube-system namespace name
namespace: kube-system
subjects:
- kind: ServiceAccount
name: snapshot-controller
# replace with non-default namespace name
namespace: default
# replace with non-kube-system namespace name
namespace: kube-system
roleRef:
kind: Role
name: csi-snapshotter-psp