Merge remote-tracking branch 'upstream/master'

Dockerfile

@@ -15,7 +15,7 @@
 FROM golang:1.12.7-stretch as builder
 WORKDIR /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver
 ADD . .
-RUN make 
+RUN make
 
 FROM amazonlinux:2
 RUN yum install ca-certificates e2fsprogs xfsprogs util-linux -y

Makefile

@@ -35,7 +35,7 @@ verify:
 
 .PHONY: test
 test:
-	go test -v -race ./pkg/...
+	go test -v -race ./cmd/... ./pkg/...
 
 .PHONY: test-sanity
 test-sanity:

OWNERS

@@ -5,10 +5,12 @@ approvers:
 - ddebroy
 - d-nishi
 - leakingtapan
+- wongma7
 reviewers:
 - bertinatto
 - jsafrane
 - gnufied
 - ddebroy
 - d-nishi
 - leakingtapan
+- wongma7

aws-ebs-csi-driver/templates/daemonset.yaml

@@ -25,8 +25,7 @@ spec:
       hostNetwork: true
       priorityClassName: system-node-critical
       tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
+        - operator: Exists
         {{- with .Values.node.tolerations }}
 {{ toYaml . | indent 8 }}
         {{- end }}
@@ -36,6 +35,7 @@ spec:
             privileged: true
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           args:
+            - node
             - --endpoint=$(CSI_ENDPOINT)
             - --logtostderr
             - --v=5
@@ -63,7 +63,7 @@ spec:
             periodSeconds: 10
             failureThreshold: 5
         - name: node-driver-registrar
-          image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
+          image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrarImage.repository .Values.sidecars.nodeDriverRegistrarImage.tag }}
           args:
             - --csi-address=$(ADDRESS)
             - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
@@ -83,7 +83,7 @@ spec:
             - name: registration-dir
               mountPath: /registration
         - name: liveness-probe
-          image: quay.io/k8scsi/livenessprobe:v1.1.0
+          image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
           args:
             - --csi-address=/csi/csi.sock
           volumeMounts:

aws-ebs-csi-driver/templates/deployment.yaml

@@ -32,8 +32,7 @@ spec:
       affinity: {{ toYaml . | nindent 8 }}
       {{- end }}
       tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
+        - operator: Exists
       {{- with .Values.tolerations }}
 {{ toYaml . | indent 8 }}
       {{- end }}
@@ -42,10 +41,11 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
+            - controller
             - --endpoint=$(CSI_ENDPOINT)
+            {{ include "aws-ebs-csi-driver.extra-volume-tags" . }}
             - --logtostderr
             - --v=5
-            {{ include "aws-ebs-csi-driver.extra-volume-tags" . }}
           env:
             - name: CSI_ENDPOINT
               value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
@@ -61,6 +61,10 @@ spec:
                   name: aws-secret
                   key: access_key
                   optional: true
+            {{- if .Values.region }}
+            - name: AWS_REGION
+              value: {{ .Values.region }}
+            {{- end }}
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
@@ -80,7 +84,7 @@ spec:
           resources: {{ toYaml . | nindent 12 }}
           {{- end }}
         - name: csi-provisioner
-          image: quay.io/k8scsi/csi-provisioner:v1.3.0
+          image: {{ printf "%s:%s" .Values.sidecars.provisionerImage.repository .Values.sidecars.provisionerImage.tag }}
           args:
             - --csi-address=$(ADDRESS)
             - --v=5
@@ -96,10 +100,12 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: csi-attacher
-          image: quay.io/k8scsi/csi-attacher:v1.2.0
+          image: {{ printf "%s:%s" .Values.sidecars.attacherImage.repository .Values.sidecars.attacherImage.tag }}
           args:
             - --csi-address=$(ADDRESS)
             - --v=5
+            - --leader-election=true
+            - --leader-election-type=leases
           env:
             - name: ADDRESS
               value: /var/lib/csi/sockets/pluginproxy/csi.sock
@@ -108,10 +114,10 @@ spec:
               mountPath: /var/lib/csi/sockets/pluginproxy/
         {{- if .Values.enableVolumeSnapshot }}
         - name: csi-snapshotter
-          image: quay.io/k8scsi/csi-snapshotter:v1.1.0
+          image: {{ printf "%s:%s" .Values.sidecars.snapshotterImage.repository .Values.sidecars.snapshotterImage.tag }}
           args:
             - --csi-address=$(ADDRESS)
-            - --connection-timeout=15s
+            - --leader-election=true
           env:
             - name: ADDRESS
               value: /var/lib/csi/sockets/pluginproxy/csi.sock
@@ -121,7 +127,7 @@ spec:
         {{- end }}
         {{- if .Values.enableVolumeResizing }}
         - name: csi-resizer
-          image: quay.io/k8scsi/csi-resizer:v0.2.0
+          image: {{ printf "%s:%s" .Values.sidecars.resizerImage.repository .Values.sidecars.resizerImage.tag }}
           imagePullPolicy: Always
           args:
             - --csi-address=$(ADDRESS)
@@ -134,7 +140,7 @@ spec:
               mountPath: /var/lib/csi/sockets/pluginproxy/
         {{- end }}
         - name: liveness-probe
-          image: quay.io/k8scsi/livenessprobe:v1.1.0
+          image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
           args:
             - --csi-address=/csi/csi.sock
           volumeMounts:

aws-ebs-csi-driver/templates/rbac.yaml

@@ -16,6 +16,12 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["csinodes"]
     verbs: ["get", "list", "watch"]
@@ -104,6 +110,12 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
     verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["create", "list", "watch", "delete"]
@@ -122,6 +134,77 @@ roleRef:
   name: ebs-external-snapshotter-role
   apiGroup: rbac.authorization.k8s.io
 
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ebs-snapshot-controller-role
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ebs-csi-snapshot-controller-binding
+subjects:
+  - kind: ServiceAccount
+    name: ebs-snapshot-controller
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: ebs-snapshot-controller-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ebs-snapshot-controller-leaderelection
+  namespace: kube-system 
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: snapshot-controller-leaderelection
+  namespace: kube-system 
+subjects:
+  - kind: ServiceAccount
+    name: ebs-snapshot-controller
+    namespace: kube-system 
+roleRef:
+  kind: Role
+  name: snapshot-controller-leaderelection
+  apiGroup: rbac.authorization.k8s.io
+
 {{- end }}
 
 {{- if .Values.enableVolumeResizing }}

aws-ebs-csi-driver/templates/serviceaccount.yaml

@@ -6,3 +6,11 @@ metadata:
   {{- with .Values.serviceAccount.annotations }}
   annotations: {{ toYaml . | nindent 4 }}
   {{- end }}
+
+---
+# RBAC file for the snapshot controller.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ebs-snapshot-controller
+  namespace: kube-system

aws-ebs-csi-driver/templates/statefulset.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.enableVolumeSnapshot }}
+#Snapshot controller
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: ebs-snapshot-controller
+  namespace: kube-system
+spec:
+  serviceName: ebs-snapshot-controller
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ebs-snapshot-controller
+  template:
+    metadata:
+      labels:
+        app: ebs-snapshot-controller
+    spec:
+      serviceAccount: ebs-snapshot-controller
+      containers:
+        - name: snapshot-controller
+          image: quay.io/k8scsi/snapshot-controller:v2.0.1
+          args:
+            - --v=5
+            - --leader-election=false
+{{- end }}

aws-ebs-csi-driver/values.yaml

@@ -9,6 +9,26 @@ image:
   tag: "v0.4.0"
   pullPolicy: IfNotPresent
 
+sidecars:
+  provisionerImage:
+    repository: quay.io/k8scsi/csi-provisioner
+    tag: "v1.5.0"
+  attacherImage:
+    repository: quay.io/k8scsi/csi-attacher
+    tag: "v1.2.0"
+  snapshotterImage:
+    repository: quay.io/k8scsi/csi-snapshotter
+    tag: "v2.0.1"
+  livenessProbeImage:
+    repository: quay.io/k8scsi/livenessprobe
+    tag: "v1.1.0"
+  resizerImage:
+    repository: quay.io/k8scsi/csi-resizer
+    tag: "v0.3.0"
+  nodeDriverRegistrarImage:
+    repository: quay.io/k8scsi/csi-node-driver-registrar
+    tag: "v1.1.0"
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -49,6 +69,12 @@ affinity: {}
 #   key2: value2
 extraVolumeTags: {}
 
+# AWS region to use. If not specified then the region will be looked up via the AWS EC2 metadata
+# service.
+# ---
+# region: us-east-1
+region: ""
+
 node:
   podAnnotations: {}
   tolerations: []

cmd/main.go

@@ -18,40 +18,20 @@ package main
 
 import (
 	"flag"
-	"fmt"
-	"os"
 
 	"github.com/kubernetes-sigs/aws-ebs-csi-driver/pkg/driver"
-	cliflag "k8s.io/component-base/cli/flag"
+
 	"k8s.io/klog"
 )
 
 func main() {
-	var (
-		version         bool
-		endpoint        string
-		extraVolumeTags map[string]string
-	)
-
-	flag.BoolVar(&version, "version", false, "Print the version and exit.")
-	flag.StringVar(&endpoint, "endpoint", driver.DefaultCSIEndpoint, "CSI Endpoint")
-	flag.Var(cliflag.NewMapStringString(&extraVolumeTags), "extra-volume-tags", "Extra volume tags to attach to each dynamically provisioned volume. It is a comma separated list of key value pairs like '<key1>=<value1>,<key2>=<value2>'")
-
-	klog.InitFlags(nil)
-	flag.Parse()
-
-	if version {
-		info, err := driver.GetVersionJSON()
-		if err != nil {
-			klog.Fatalln(err)
-		}
-		fmt.Println(info)
-		os.Exit(0)
-	}
+	fs := flag.NewFlagSet("aws-ebs-csi-driver", flag.ExitOnError)
+	options := GetOptions(fs)
 
 	drv, err := driver.NewDriver(
-		driver.WithEndpoint(endpoint),
-		driver.WithExtraVolumeTags(extraVolumeTags),
+		driver.WithEndpoint(options.ServerOptions.Endpoint),
+		driver.WithExtraVolumeTags(options.ControllerOptions.ExtraVolumeTags),
+		driver.WithMode(options.DriverMode),
 	)
 	if err != nil {
 		klog.Fatalln(err)