update OpenStack CSI manifest

2022-05-04 12:39:24 +03:00 · 2022-05-04 12:39:24 +03:00 · 4ca48dcd5b
parent d9821a9cbb
commit 4ca48dcd5b
1 changed files with 45 additions and 53 deletions
--- a/upup/models/cloudup/resources/addons/storage-openstack.addons.k8s.io/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/storage-openstack.addons.k8s.io/k8s-1.16.yaml.template
@ -30,6 +30,9 @@ rules:
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]

 ---
 kind: ClusterRoleBinding
@ -83,6 +86,9 @@ rules:
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]

 ---
 kind: ClusterRoleBinding
@ -124,10 +130,13 @@ rules:
    verbs: ["get", "list", "watch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
-    verbs: ["create", "get", "list", "watch", "update", "delete"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
-    verbs: ["update"]
+    verbs: ["update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]

 ---
 kind: ClusterRoleBinding
@ -174,6 +183,9 @@ rules:
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]

 ---
 kind: ClusterRoleBinding
@ -191,36 +203,6 @@ roleRef:
  name: csi-resizer-role
  apiGroup: rbac.authorization.k8s.io

---
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  namespace: kube-system
-  name: external-resizer-cfg
-  labels:
-    k8s-addon: storage-openstack.addons.k8s.io
-rules:
- apiGroups: ["coordination.k8s.io"]
-  resources: ["leases"]
-  verbs: ["get", "watch", "list", "delete", "update", "create"]
-
---
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: csi-resizer-role-cfg
-  namespace: kube-system
-  labels:
-    k8s-addon: storage-openstack.addons.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: csi-cinder-controller-sa
-    namespace: kube-system
-roleRef:
-  kind: Role
-  name: external-resizer-cfg
-  apiGroup: rbac.authorization.k8s.io
-
 ---
 # This YAML file contains CSI Controller Plugin Sidecars
 # external-attacher, external-provisioner, external-snapshotter
@ -241,7 +223,7 @@ spec:
      port: 12345

 ---
-kind: StatefulSet
+kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: csi-cinder-controllerplugin
@ -249,8 +231,12 @@ metadata:
  labels:
    k8s-addon: storage-openstack.addons.k8s.io
 spec:
-  serviceName: csi-cinder-controller-service
  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 1
  selector:
    matchLabels:
      app: csi-cinder-controllerplugin
@ -264,10 +250,11 @@ spec:
      serviceAccount: csi-cinder-controller-sa
      containers:
        - name: csi-attacher
-          image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0
+          image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
          args:
            - "--csi-address=$(ADDRESS)"
            - "--timeout=3m"
+            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
@ -276,15 +263,16 @@ spec:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
        - name: csi-provisioner
-          image: registry.k8s.io/sig-storage/csi-provisioner:v2.2.0
+          image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0
          args:
            - "--csi-address=$(ADDRESS)"
            - "--timeout=3m"
-            - "--extra-create-metadata"
            - "--default-fstype=ext4"
 {{ if WithDefaultBool .CloudProvider.Openstack.BlockStorage.CSITopologySupport false }}
            - --feature-gates=Topology=true
 {{ end }}
+            - "--extra-create-metadata"
+            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
@ -293,11 +281,12 @@ spec:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
        - name: csi-snapshotter
-          image: registry.k8s.io/sig-storage/csi-snapshotter:v4.0.0
+          image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--timeout=3m"
            - "--extra-create-metadata"
+            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
@ -306,11 +295,12 @@ spec:
            - mountPath: /var/lib/csi/sockets/pluginproxy/
              name: socket-dir
        - name: csi-resizer
-          image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0
+          image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
          args:
            - "--csi-address=$(ADDRESS)"
            - "--timeout=3m"
            - "--handle-volume-inuse-error=false"
+            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
@ -319,7 +309,7 @@ spec:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
        - name: liveness-probe
-          image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0
+          image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0
          args:
            - "--csi-address=$(ADDRESS)"
          env:
@ -332,19 +322,14 @@ spec:
          image: "{{- if .CloudProvider.Openstack.BlockStorage.CSIPluginImage -}} {{ .CloudProvider.Openstack.BlockStorage.CSIPluginImage }} {{- else -}} docker.io/k8scloudprovider/cinder-csi-plugin:{{OpenStackCSITag}} {{- end -}}"
          args:
            - /bin/cinder-csi-plugin
-            - "--nodeid=$(NODE_ID)"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--cloud-config=$(CLOUD_CONFIG)"
            - "--cluster=$(CLUSTER_NAME)"
          env:
-            - name: NODE_ID
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix://csi/csi.sock
            - name: CLOUD_CONFIG
-              value: /etc/kubernetes/cloud.config
+              value: /etc/config/cloud.conf
            - name: CLUSTER_NAME
              value: kubernetes
          imagePullPolicy: "IfNotPresent"
@ -440,7 +425,7 @@ spec:
      hostNetwork: true
      containers:
        - name: node-driver-registrar
-          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0
+          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0
          args:
            - "--csi-address=$(ADDRESS)"
            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
@ -460,7 +445,7 @@ spec:
            - name: registration-dir
              mountPath: /registration
        - name: liveness-probe
-          image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0
+          image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0
          args:
            - --csi-address=/csi/csi.sock
          volumeMounts:
@ -477,19 +462,26 @@ spec:
          image: "{{- if .CloudProvider.Openstack.BlockStorage.CSIPluginImage -}} {{ .CloudProvider.Openstack.BlockStorage.CSIPluginImage }} {{- else -}} docker.io/k8scloudprovider/cinder-csi-plugin:{{OpenStackCSITag}} {{- end -}}"
          args :
            - /bin/cinder-csi-plugin
-            - "--nodeid=$(NODE_ID)"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--cloud-config=$(CLOUD_CONFIG)"
          env:
-            - name: NODE_ID
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix://csi/csi.sock
            - name: CLOUD_CONFIG
              value: /etc/kubernetes/cloud.config
          imagePullPolicy: "IfNotPresent"
+          ports:
+            - containerPort: 9808
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 10
+            timeoutSeconds: 3
+            periodSeconds: 10
          volumeMounts:
            - name: socket-dir
              mountPath: /csi