From bcb47d6a67ad9e9bc1f87482e4cf68fec61d2262 Mon Sep 17 00:00:00 2001 From: Cheng Pan Date: Tue, 4 Dec 2018 11:37:08 -0800 Subject: [PATCH] Partially revert PR #122 and add latest manifest files Fixes: #137 I use latest instead of v1.13 to highlight that is the latest version under development which might have issues. And any other versioned manifest files should not break. --- .../{v1.12+ => latest}/attacher.yaml | 0 .../kubernetes/{v1.12+ => latest}/node.yaml | 0 .../{v1.12+ => latest}/provisioner.yaml | 0 .../{v1.12+ => latest}/sample_app/claim.yaml | 0 .../{v1.12+ => latest}/sample_app/pod.yaml | 0 .../sample_app/storageclass.yaml | 0 .../kubernetes/{v1.12+ => latest}/secret.yaml | 0 deploy/kubernetes/v1.12/attacher.yaml | 122 +++++++++++++++ deploy/kubernetes/v1.12/node.yaml | 140 ++++++++++++++++++ deploy/kubernetes/v1.12/provisioner.yaml | 140 ++++++++++++++++++ deploy/kubernetes/v1.12/sample_app/claim.yaml | 11 ++ deploy/kubernetes/v1.12/sample_app/pod.yaml | 17 +++ .../v1.12/sample_app/storageclass.yaml | 7 + deploy/kubernetes/v1.12/secret.yaml | 7 + 14 files changed, 444 insertions(+) rename deploy/kubernetes/{v1.12+ => latest}/attacher.yaml (100%) rename deploy/kubernetes/{v1.12+ => latest}/node.yaml (100%) rename deploy/kubernetes/{v1.12+ => latest}/provisioner.yaml (100%) rename deploy/kubernetes/{v1.12+ => latest}/sample_app/claim.yaml (100%) rename deploy/kubernetes/{v1.12+ => latest}/sample_app/pod.yaml (100%) rename deploy/kubernetes/{v1.12+ => latest}/sample_app/storageclass.yaml (100%) rename deploy/kubernetes/{v1.12+ => latest}/secret.yaml (100%) create mode 100644 deploy/kubernetes/v1.12/attacher.yaml create mode 100644 deploy/kubernetes/v1.12/node.yaml create mode 100644 deploy/kubernetes/v1.12/provisioner.yaml create mode 100644 deploy/kubernetes/v1.12/sample_app/claim.yaml create mode 100644 deploy/kubernetes/v1.12/sample_app/pod.yaml create mode 100644 deploy/kubernetes/v1.12/sample_app/storageclass.yaml create mode 100644 deploy/kubernetes/v1.12/secret.yaml diff --git a/deploy/kubernetes/v1.12+/attacher.yaml b/deploy/kubernetes/latest/attacher.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/attacher.yaml rename to deploy/kubernetes/latest/attacher.yaml diff --git a/deploy/kubernetes/v1.12+/node.yaml b/deploy/kubernetes/latest/node.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/node.yaml rename to deploy/kubernetes/latest/node.yaml diff --git a/deploy/kubernetes/v1.12+/provisioner.yaml b/deploy/kubernetes/latest/provisioner.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/provisioner.yaml rename to deploy/kubernetes/latest/provisioner.yaml diff --git a/deploy/kubernetes/v1.12+/sample_app/claim.yaml b/deploy/kubernetes/latest/sample_app/claim.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/sample_app/claim.yaml rename to deploy/kubernetes/latest/sample_app/claim.yaml diff --git a/deploy/kubernetes/v1.12+/sample_app/pod.yaml b/deploy/kubernetes/latest/sample_app/pod.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/sample_app/pod.yaml rename to deploy/kubernetes/latest/sample_app/pod.yaml diff --git a/deploy/kubernetes/v1.12+/sample_app/storageclass.yaml b/deploy/kubernetes/latest/sample_app/storageclass.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/sample_app/storageclass.yaml rename to deploy/kubernetes/latest/sample_app/storageclass.yaml diff --git a/deploy/kubernetes/v1.12+/secret.yaml b/deploy/kubernetes/latest/secret.yaml similarity index 100% rename from deploy/kubernetes/v1.12+/secret.yaml rename to deploy/kubernetes/latest/secret.yaml diff --git a/deploy/kubernetes/v1.12/attacher.yaml b/deploy/kubernetes/v1.12/attacher.yaml new file mode 100644 index 0000000000..f24d81fe0a --- /dev/null +++ b/deploy/kubernetes/v1.12/attacher.yaml @@ -0,0 +1,122 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher-sa + namespace: default + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner + namespace: default +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role + namespace: default +subjects: + - kind: ServiceAccount + name: csi-attacher-sa + namespace: default +roleRef: + kind: ClusterRole + name: external-attacher-runner + apiGroup: rbac.authorization.k8s.io + +--- + +kind: Service +apiVersion: v1 +metadata: + name: csi-attacher + labels: + app: csi-attacher +spec: + selector: + app: csi-attacher + clusterIP: None +--- + +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-attacher +spec: + serviceName: "csi-attacher" + replicas: 1 + template: + metadata: + labels: + app: csi-attacher + spec: + serviceAccount: csi-attacher-sa + containers: + - name: csi-attacher + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: quay.io/k8scsi/csi-attacher:v0.4.1 + args: + - --v=5 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: ebs-plugin + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: amazon/aws-ebs-csi-driver:0.1.0-alpha + args : + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/kubernetes/v1.12/node.yaml b/deploy/kubernetes/v1.12/node.yaml new file mode 100644 index 0000000000..b8c9424108 --- /dev/null +++ b/deploy/kubernetes/v1.12/node.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-node-sa + namespace: default + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-node + namespace: default +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch", "update"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-node + namespace: default +subjects: + - kind: ServiceAccount + name: csi-node-sa + namespace: default +roleRef: + kind: ClusterRole + name: csi-node + apiGroup: rbac.authorization.k8s.io + +--- + +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-node +spec: + selector: + matchLabels: + app: csi-node + template: + metadata: + labels: + app: csi-node + spec: + serviceAccount: csi-node-sa + hostNetwork: true + containers: + - name: csi-driver-registrar + securityContext: + privileged: true + imagePullPolicy: Always + image: quay.io/k8scsi/driver-registrar:v0.4.1 + args: + - --v=5 + - --csi-address=$(ADDRESS) + - --mode=node-register + - --driver-requires-attachment=true + - --pod-info-mount-version="v1" + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: ebs-plugin + securityContext: + privileged: true + imagePullPolicy: Always + image: amazon/aws-ebs-csi-driver:0.1.0-alpha + args: + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory diff --git a/deploy/kubernetes/v1.12/provisioner.yaml b/deploy/kubernetes/v1.12/provisioner.yaml new file mode 100644 index 0000000000..5c7e8bc76f --- /dev/null +++ b/deploy/kubernetes/v1.12/provisioner.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner-sa + namespace: default + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner + namespace: default +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["list", "watch", "create", "update", "get"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role + namespace: default +subjects: + - kind: ServiceAccount + name: csi-provisioner-sa + namespace: default +roleRef: + kind: ClusterRole + name: external-provisioner-runner + apiGroup: rbac.authorization.k8s.io + +--- + +kind: Service +apiVersion: v1 +metadata: + name: csi-provisioner + labels: + app: csi-provisioner +spec: + selector: + app: csi-provisioner + clusterIP: None +--- + +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-provisioner +spec: + serviceName: "csi-provisioner" + replicas: 1 + template: + metadata: + labels: + app: csi-provisioner + spec: + serviceAccount: csi-provisioner-sa + containers: + - name: csi-provisioner + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: quay.io/k8scsi/csi-provisioner:v0.4.1 + args: + - --provisioner=ebs.csi.aws.com + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + + - name: ebs-plugin + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: amazon/aws-ebs-csi-driver:0.1.0-alpha + args : + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/kubernetes/v1.12/sample_app/claim.yaml b/deploy/kubernetes/v1.12/sample_app/claim.yaml new file mode 100644 index 0000000000..df798abf34 --- /dev/null +++ b/deploy/kubernetes/v1.12/sample_app/claim.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: claim1 +spec: + accessModes: + - ReadWriteOnce + storageClassName: slow + resources: + requests: + storage: 4Gi diff --git a/deploy/kubernetes/v1.12/sample_app/pod.yaml b/deploy/kubernetes/v1.12/sample_app/pod.yaml new file mode 100644 index 0000000000..9ba86729ca --- /dev/null +++ b/deploy/kubernetes/v1.12/sample_app/pod.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Pod +metadata: + name: app +spec: + containers: + - name: app + image: centos + command: ["/bin/sh"] + args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"] + volumeMounts: + - name: persistent-storage + mountPath: /data + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: claim1 diff --git a/deploy/kubernetes/v1.12/sample_app/storageclass.yaml b/deploy/kubernetes/v1.12/sample_app/storageclass.yaml new file mode 100644 index 0000000000..57196d17aa --- /dev/null +++ b/deploy/kubernetes/v1.12/sample_app/storageclass.yaml @@ -0,0 +1,7 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: slow + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: ebs.csi.aws.com diff --git a/deploy/kubernetes/v1.12/secret.yaml b/deploy/kubernetes/v1.12/secret.yaml new file mode 100644 index 0000000000..a77fc16c10 --- /dev/null +++ b/deploy/kubernetes/v1.12/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws-secret +stringData: + key_id: + access_key: