diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
index 27e353f256..ae875b9ac8 100644
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -444,6 +444,8 @@ spec:
 type: boolean
 ignore-volume-microversion:
 type: boolean
+ metricsEnabled:
+ type: boolean
 override-volume-az:
 type: string
 type: object
diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
index 756d9f7c42..f335b98774 100644
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@@ -788,6 +788,7 @@ type OpenstackBlockStorageConfig struct {
 IgnoreAZ *bool `json:"ignore-volume-az,omitempty"`
 OverrideAZ *string `json:"override-volume-az,omitempty"`
 IgnoreVolumeMicroVersion *bool `json:"ignore-volume-microversion,omitempty"`
+ MetricsEnabled *bool `json:"metricsEnabled,omitempty"`
 // CreateStorageClass provisions a default class for the Cinder plugin
 CreateStorageClass *bool `json:"createStorageClass,omitempty"`
 CSIPluginImage string `json:"csiPluginImage,omitempty"`
diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
index 1ed2f7f36a..0ec8545eb7 100644
--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
@@ -794,6 +794,7 @@ type OpenstackBlockStorageConfig struct {
 IgnoreAZ *bool `json:"ignore-volume-az,omitempty"`
 OverrideAZ *string `json:"override-volume-az,omitempty"`
 IgnoreVolumeMicroVersion *bool `json:"ignore-volume-microversion,omitempty"`
+ MetricsEnabled *bool `json:"metricsEnabled,omitempty"`
 // CreateStorageClass provisions a default class for the Cinder plugin
 CreateStorageClass *bool `json:"createStorageClass,omitempty"`
 CSIPluginImage string `json:"csiPluginImage,omitempty"`
diff --git a/pkg/apis/kops/v1alpha3/componentconfig.go b/pkg/apis/kops/v1alpha3/componentconfig.go
index b1743ed791..01bfc4eeb3 100644
--- a/pkg/apis/kops/v1alpha3/componentconfig.go
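Review bot: The new `MetricsEnabled` field in `OpenstackBlockStorageConfig` (pkg/apis/kops/componentconfig.go, and the identical line in the v1alpha2 and v1alpha3 copies) has no doc comment, although the neighbouring `CreateStorageClass` has one. Elsewhere in this commit the flag both starts a listener on port 9809 in the Cinder CSI containers and adds security-group rules for that port, so a user reading the API reference should be told that setting it opens a network port. I would add `// MetricsEnabled exposes Cinder CSI plugin metrics on port 9809 and opens that port in the cluster security groups; it is off unless set to true.` above the field in all three files. The struct body continues outside each hunk.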
+++ b/pkg/apis/kops/v1alpha3/componentconfig.go
@@ -785,6 +785,7 @@ type OpenstackBlockStorageConfig struct {
 IgnoreAZ *bool `json:"ignore-volume-az,omitempty"`
 OverrideAZ *string `json:"override-volume-az,omitempty"`
 IgnoreVolumeMicroVersion *bool `json:"ignore-volume-microversion,omitempty"`
+ MetricsEnabled *bool `json:"metricsEnabled,omitempty"`
 // CreateStorageClass provisions a default class for the Cinder plugin
 CreateStorageClass *bool `json:"createStorageClass,omitempty"`
 CSIPluginImage string `json:"csiPluginImage,omitempty"`
diff --git a/pkg/model/openstackmodel/firewall.go b/pkg/model/openstackmodel/firewall.go
index 98b4fb31a0..27f542f052 100644
--- a/pkg/model/openstackmodel/firewall.go
+++ b/pkg/model/openstackmodel/firewall.go
@@ -361,6 +361,20 @@ func (b *FirewallModelBuilder) addNodeExporterAndOccmRules(c *fi.CloudupModelBui
 PortRangeMax: i(10258),
 }
 b.addDirectionalGroupRule(c, masterSG, nodeSG, occmMetrics)
+
+ if fi.ValueOf(b.Cluster.Spec.CloudProvider.Openstack.BlockStorage.MetricsEnabled) {
+ csiMetrics := &openstacktasks.SecurityGroupRule{
+ Lifecycle: b.Lifecycle,
+ Direction: s(string(rules.DirIngress)),
+ Protocol: s(IPProtocolTCP),
+ EtherType: s(IPV4),
+ PortRangeMin: i(9809),
+ PortRangeMax: i(9809),
+ }
+ // allow 9809 port from nodeSG & masterSG
+ b.addDirectionalGroupRule(c, masterSG, nodeSG, csiMetrics)
+ b.addDirectionalGroupRule(c, nodeSG, nodeSG, csiMetrics)
+ }
 return nil
 }
diff --git a/upup/models/cloudup/resources/addons/storage-openstack.addons.k8s.io/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/storage-openstack.addons.k8s.io/k8s-1.16.yaml.template
index 3910f724a8..e3533d8f85 100644
--- a/upup/models/cloudup/resources/addons/storage-openstack.addons.k8s.io/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/storage-openstack.addons.k8s.io/k8s-1.16.yaml.template
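Review bot: In pkg/model/openstackmodel/firewall.go the comment `// allow 9809 port from nodeSG & masterSG` does not match the two calls under it: both pass `nodeSG` in the third position, so, assuming the helper takes the target group and then the remote group as the existing `occmMetrics` call suggests, no rule with `masterSG` as the peer is created. Either correct the comment to `// allow CSI metrics (9809) from nodeSG to masterSG and nodeSG` or add the missing rule if control-plane scrapers are meant to reach the nodes. The condition also reads `...Openstack.BlockStorage.MetricsEnabled` with no nil check on `BlockStorage`; if that is a pointer that can be unset when this builder runs, guard it with `bs := ...Openstack.BlockStorage; bs != nil && fi.ValueOf(bs.MetricsEnabled)`. The literal 9809 is repeated here and four times in the addon template, so a named constant on the Go side would make it harder for the firewall rule and the listener to drift apart. The function body starts outside the hunk.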
@@ -250,7 +250,7 @@ spec:
 serviceAccount: csi-cinder-controller-sa
 containers:
 - name: csi-attacher
- image: registry.k8s.io/sig-storage/csi-attacher:v3.4.0
+ image: registry.k8s.io/sig-storage/csi-attacher:v4.2.0
 args:
 - "--csi-address=$(ADDRESS)"
 - "--timeout=3m"
@@ -263,7 +263,7 @@ spec:
 - name: socket-dir
 mountPath: /var/lib/csi/sockets/pluginproxy/
 - name: csi-provisioner
- image: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0
+ image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.1
 args:
 - "--csi-address=$(ADDRESS)"
 - "--timeout=3m"
@@ -282,7 +282,7 @@ spec:
 mountPath: /var/lib/csi/sockets/pluginproxy/
 {{ if HasSnapshotController }}
 - name: csi-snapshotter
- image: registry.k8s.io/sig-storage/csi-snapshotter:v5.0.1
+ image: registry.k8s.io/sig-storage/csi-snapshotter:v6.2.1
 args:
 - "--csi-address=$(ADDRESS)"
 - "--timeout=3m"
@@ -297,7 +297,7 @@ spec:
 name: socket-dir
 {{ end }}
 - name: csi-resizer
- image: registry.k8s.io/sig-storage/csi-resizer:v1.4.0
+ image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0
 args:
 - "--csi-address=$(ADDRESS)"
 - "--timeout=3m"
@@ -311,7 +311,7 @@ spec:
 - name: socket-dir
 mountPath: /var/lib/csi/sockets/pluginproxy/
 - name: liveness-probe
- image: registry.k8s.io/sig-storage/livenessprobe:v2.6.0
+ image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0
 args:
 - "--csi-address=$(ADDRESS)"
 env:
@@ -327,6 +327,9 @@ spec:
 - "--endpoint=$(CSI_ENDPOINT)"
 - "--cloud-config=$(CLOUD_CONFIG)"
 - "--cluster=$(CLUSTER_NAME)"
+{{- if WithDefaultBool .CloudProvider.Openstack.BlockStorage.MetricsEnabled false }}
+ - "--http-endpoint=:9809"
+{{- end }}
 env:
 - name: CSI_ENDPOINT
 value: unix://csi/csi.sock
@@ -339,6 +342,11 @@ spec:
 - containerPort: 9808
 name: healthz
 protocol: TCP
+{{- if WithDefaultBool .CloudProvider.Openstack.BlockStorage.MetricsEnabled false }}
+ - containerPort: 9809
+ name: metrics
+ protocol: TCP
+{{- end }}
 livenessProbe:
 failureThreshold: 5
 httpGet:
@@ -426,7 +434,7 @@ spec:
 hostNetwork: true
 containers:
 - name: node-driver-registrar
- image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.0
+ image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.3
 args:
 - "--csi-address=$(ADDRESS)"
 - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
@@ -446,7 +454,7 @@ spec:
 - name: registration-dir
 mountPath: /registration
 - name: liveness-probe
- image: registry.k8s.io/sig-storage/livenessprobe:v2.6.0
+ image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0
 args:
 - --csi-address=/csi/csi.sock
 volumeMounts:
@@ -467,6 +475,9 @@ spec:
 - "--cloud-config=$(CLOUD_CONFIG)"
 {{- if .CloudProvider.Openstack.BlockStorage.ClusterName }}
 - "--cluster=$(CLUSTER_NAME)"
+{{- end }}
+{{- if WithDefaultBool .CloudProvider.Openstack.BlockStorage.MetricsEnabled false }}
+ - "--http-endpoint=:9809"
 {{- end }}
 env:
 - name: CSI_ENDPOINT
@@ -482,6 +493,11 @@ spec:
 - containerPort: 9808
 name: healthz
 protocol: TCP
+{{- if WithDefaultBool .CloudProvider.Openstack.BlockStorage.MetricsEnabled false }}
+ - containerPort: 9809
+ name: metrics
+ protocol: TCP
+{{- end }}
 livenessProbe:
 failureThreshold: 5
 httpGet:
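Review bot: In the hunk at `@@ -467,6 +475,9` of k8s-1.16.yaml.template, `--http-endpoint=:9809` binds the metrics listener to every address, and the hunk at `@@ -426,7 +434,7` shows `hostNetwork: true` for what appears to be the same pod spec, so on each node the endpoint would sit directly on the host's interfaces (the controller hunk at `@@ -327,6 +327,9` passes the same flag). Reachability then rests on the security-group rule added in firewall.go, which admits the whole node group; whether the endpoint requires any authentication is not visible in this diff. I would record that in the template with a comment above the flag, `# listens on all host addresses; access is limited only by the 9809 security-group rule`, so that anyone changing the firewall model knows the listener depends on it. The container's args list starts outside the hunk.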